[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-39840":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":24,"duplicate_of":9,"upstream":25,"downstream":26,"duplicates":35,"related":36,"reserved_at":9,"published_at":37,"modified_at":38,"state":39,"summary":40,"references_raw":49,"kevs":60,"epss":61,"epss_history":64,"metrics":334,"affected":342},"CVE-2025-39840","In the Linux kernel, the following vulnerability has been resolved:\n\naudit: fix out-of-bounds read in audit_compare_dname_path()\n\nWhen a watch on dir=/ is combined with an fsnotify event for a\nsingle-character name directly under / (e.g., creating /a), an\nout-of-bounds read can occur in audit_compare_dname_path().\n\nThe helper parent_len() returns 1 for \"/\". In audit_compare_dname_path(),\nwhen parentlen equals the full path length (1), the code sets p = path + 1\nand pathlen = 1 - 1 = 0. The subsequent loop then dereferences\np[pathlen - 1] (i.e., p[-1]), causing an out-of-bounds read.\n\nFix this by adding a pathlen > 0 check to the while loop condition\nto prevent the out-of-bounds access.\n\n[PM: subject tweak, sign-off email fixes]",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-125","Out-of-bounds Read","The product reads data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-540","Overread Buffers",[],[],[],[],[27,29,31,33],{"_key":28},"DEBIAN-CVE-2025-39840",{"_key":30},"RHSA-2026:0445",{"_key":32},"RHSA-2026:0453",{"_key":34},"UBUNTU-CVE-2025-39840",[],[],"2025-09-19T15:26:15.596Z","2026-05-11T21:37:27.640Z","Modified",{"cisa_kev":41,"cisa_ransomware":41,"cisa_vendor":9,"epss_severity":42,"epss_score":43,"severity":44,"severity_score":45,"severity_version":46,"severity_source":47,"severity_vector":48,"severity_status":39},false,"low",0.00021,"high",7.1,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",[50,56],{"url":51,"sources":52,"tags":54},"https://git.kernel.org/stable/c/9735a9dcc307427e7d6336c54171682f1bac9789",[47,53],"nvd",[55],"Patch",{"url":57,"sources":58,"tags":59},"https://git.kernel.org/stable/c/4540f1d23e7f387880ce46d11b5cd3f27248bf8d",[47,53],[55],[],{"date":62,"score":43,"percentile":63},"2026-06-04",0.06154,[65,69,72,75,78,81,84,87,89,92,95,98,101,104,107,110,113,116,119,122,125,128,131,135,138,141,144,146,149,152,155,158,161,164,167,170,173,176,179,182,186,189,192,195,198,201,204,207,210,213,216,219,222,225,228,231,234,237,240,243,246,249,252,255,258,261,264,266,269,272,275,278,280,283,286,289,292,296,299,302,305,308,311,314,317,320,323,326,329,331],{"date":66,"score":67,"percentile":68},"2025-11-04",0.00026,0.05944,{"date":70,"score":67,"percentile":71},"2025-11-05",0.05963,{"date":73,"score":67,"percentile":74},"2025-11-06",0.0608,{"date":76,"score":67,"percentile":77},"2025-11-07",0.06088,{"date":79,"score":67,"percentile":80},"2025-11-08",0.06095,{"date":82,"score":67,"percentile":83},"2025-11-09",0.06089,{"date":85,"score":67,"percentile":86},"2025-11-10",0.06065,{"date":88,"score":67,"percentile":83},"2025-11-11",{"date":90,"score":67,"percentile":91},"2025-11-12",0.06134,{"date":93,"score":67,"percentile":94},"2025-11-13",0.06168,{"date":96,"score":67,"percentile":97},"2025-11-14",0.06196,{"date":99,"score":67,"percentile":100},"2025-11-15",0.06229,{"date":102,"score":67,"percentile":103},"2025-11-16",0.06249,{"date":105,"score":67,"percentile":106},"2025-11-17",0.06239,{"date":108,"score":67,"percentile":109},"2025-11-18",0.0373,{"date":111,"score":67,"percentile":112},"2025-11-19",0.03783,{"date":114,"score":67,"percentile":115},"2025-11-20",0.0385,{"date":117,"score":67,"percentile":118},"2025-11-21",0.06359,{"date":120,"score":67,"percentile":121},"2025-11-22",0.06311,{"date":123,"score":67,"percentile":124},"2025-11-23",0.06289,{"date":126,"score":67,"percentile":127},"2025-11-24",0.06264,{"date":129,"score":67,"percentile":130},"2025-11-25",0.06253,{"date":132,"score":133,"percentile":134},"2025-11-26",0.00027,0.06739,{"date":136,"score":133,"percentile":137},"2025-11-27",0.06735,{"date":139,"score":133,"percentile":140},"2025-11-28",0.06724,{"date":142,"score":133,"percentile":143},"2025-11-29",0.06764,{"date":145,"score":133,"percentile":143},"2025-11-30",{"date":147,"score":133,"percentile":148},"2025-12-01",0.0681,{"date":150,"score":133,"percentile":151},"2025-12-02",0.0682,{"date":153,"score":133,"percentile":154},"2025-12-03",0.06834,{"date":156,"score":133,"percentile":157},"2025-12-04",0.06807,{"date":159,"score":133,"percentile":160},"2025-12-05",0.06851,{"date":162,"score":133,"percentile":163},"2025-12-06",0.06862,{"date":165,"score":133,"percentile":166},"2025-12-07",0.06861,{"date":168,"score":133,"percentile":169},"2025-12-08",0.0687,{"date":171,"score":133,"percentile":172},"2025-12-09",0.06922,{"date":174,"score":133,"percentile":175},"2025-12-10",0.06994,{"date":177,"score":133,"percentile":178},"2025-12-11",0.07015,{"date":180,"score":133,"percentile":181},"2025-12-12",0.07016,{"date":183,"score":184,"percentile":185},"2025-12-13",0.00019,0.04344,{"date":187,"score":184,"percentile":188},"2025-12-14",0.04331,{"date":190,"score":184,"percentile":191},"2025-12-15",0.04287,{"date":193,"score":184,"percentile":194},"2025-12-16",0.04298,{"date":196,"score":184,"percentile":197},"2025-12-17",0.04351,{"date":199,"score":184,"percentile":200},"2025-12-18",0.04384,{"date":202,"score":184,"percentile":203},"2025-12-19",0.04368,{"date":205,"score":184,"percentile":206},"2025-12-20",0.04369,{"date":208,"score":184,"percentile":209},"2025-12-21",0.04398,{"date":211,"score":184,"percentile":212},"2025-12-22",0.04343,{"date":214,"score":184,"percentile":215},"2025-12-23",0.04353,{"date":217,"score":184,"percentile":218},"2025-12-24",0.04373,{"date":220,"score":184,"percentile":221},"2025-12-25",0.04414,{"date":223,"score":184,"percentile":224},"2025-12-26",0.04417,{"date":226,"score":184,"percentile":227},"2025-12-27",0.04419,{"date":229,"score":184,"percentile":230},"2025-12-28",0.04418,{"date":232,"score":184,"percentile":233},"2025-12-29",0.04411,{"date":235,"score":184,"percentile":236},"2025-12-30",0.0435,{"date":238,"score":184,"percentile":239},"2025-12-31",0.04371,{"date":241,"score":184,"percentile":242},"2026-01-01",0.04455,{"date":244,"score":184,"percentile":245},"2026-01-02",0.04458,{"date":247,"score":184,"percentile":248},"2026-01-03",0.04444,{"date":250,"score":184,"percentile":251},"2026-01-04",0.04338,{"date":253,"score":184,"percentile":254},"2026-01-05",0.04293,{"date":256,"score":184,"percentile":257},"2026-01-06",0.04292,{"date":259,"score":184,"percentile":260},"2026-01-07",0.04313,{"date":262,"score":184,"percentile":263},"2026-01-08",0.04347,{"date":265,"score":184,"percentile":197},"2026-01-09",{"date":267,"score":184,"percentile":268},"2026-01-10",0.04357,{"date":270,"score":184,"percentile":271},"2026-01-11",0.04336,{"date":273,"score":184,"percentile":274},"2026-01-12",0.04334,{"date":276,"score":184,"percentile":277},"2026-01-13",0.04326,{"date":279,"score":184,"percentile":206},"2026-01-14",{"date":281,"score":184,"percentile":282},"2026-01-15",0.04283,{"date":284,"score":184,"percentile":285},"2026-01-16",0.0425,{"date":287,"score":184,"percentile":288},"2026-01-17",0.04248,{"date":290,"score":184,"percentile":291},"2026-01-18",0.0423,{"date":293,"score":294,"percentile":295},"2026-01-19",0.00025,0.06184,{"date":297,"score":294,"percentile":298},"2026-01-20",0.06143,{"date":300,"score":294,"percentile":301},"2026-01-21",0.06138,{"date":303,"score":294,"percentile":304},"2026-01-22",0.06106,{"date":306,"score":294,"percentile":307},"2026-01-23",0.06167,{"date":309,"score":294,"percentile":310},"2026-01-24",0.06205,{"date":312,"score":294,"percentile":313},"2026-01-25",0.06152,{"date":315,"score":294,"percentile":316},"2026-01-26",0.06137,{"date":318,"score":294,"percentile":319},"2026-01-27",0.06117,{"date":321,"score":294,"percentile":322},"2026-01-28",0.06092,{"date":324,"score":294,"percentile":325},"2026-01-29",0.06099,{"date":327,"score":294,"percentile":328},"2026-01-30",0.06102,{"date":330,"score":294,"percentile":77},"2026-01-31",{"date":332,"score":294,"percentile":333},"2026-02-01",0.06128,[335,340],{"source":47,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":336,"cvss_v4_0":9},{"baseScore":45,"baseSeverity":337,"vectorString":48,"impactScore":338,"exploitabilityScore":339},"HIGH",8.7,4.6,{"source":53,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":341,"cvss_v4_0":9},{"baseScore":45,"baseSeverity":337,"vectorString":48,"impactScore":338,"exploitabilityScore":339},[343,360],{"ecosystem":9,"name":344,"vendor":345,"product":345,"cpe_part":346,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":347},"Linux","linux","a",[348,355,358],{"version":349,"is_range":350,"range_type":47,"version_start":351,"version_start_type":352,"version_end":353,"version_end_type":354,"fixed_in":9},">= e92eebb0d6116f942ab25dfb1a41905aa59472a8, \u003C 9735a9dcc307427e7d6336c54171682f1bac9789",true,"e92eebb0d6116f942ab25dfb1a41905aa59472a8","including","9735a9dcc307427e7d6336c54171682f1bac9789","excluding",{"version":356,"is_range":350,"range_type":47,"version_start":351,"version_start_type":352,"version_end":357,"version_end_type":354,"fixed_in":9},">= e92eebb0d6116f942ab25dfb1a41905aa59472a8, \u003C 4540f1d23e7f387880ce46d11b5cd3f27248bf8d","4540f1d23e7f387880ce46d11b5cd3f27248bf8d",{"version":359,"is_range":41,"range_type":47,"version_start":359,"version_start_type":352,"version_end":359,"version_end_type":352,"fixed_in":9},"6.14",{"ecosystem":9,"name":361,"vendor":345,"product":362,"cpe_part":363,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":364},"linux kernel","linux_kernel","o",[365,369,371,373,375],{"version":366,"is_range":350,"range_type":367,"version_start":359,"version_start_type":352,"version_end":368,"version_end_type":354,"fixed_in":9},"gte6.14_lt6.16.6","cpe","6.16.6",{"version":370,"is_range":41,"range_type":367,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.17:rc1",{"version":372,"is_range":41,"range_type":367,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.17:rc2",{"version":374,"is_range":41,"range_type":367,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.17:rc3",{"version":376,"is_range":41,"range_type":367,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.17:rc4"]