CVE-2025-39828

7.8 HIGH

📋 TL;DR

This CVE-2025-39828 is a Linux kernel vulnerability in the ATM subsystem that allows arbitrary kernel memory writes via specially crafted sendmsg() calls. Attackers can exploit this to potentially execute arbitrary code with kernel privileges. Systems running vulnerable Linux kernel versions with ATM support are affected.

💻 Affected Systems

Products:

Linux kernel

Versions: Versions before the fix commits (specific versions depend on distribution backports)

Operating Systems: Linux distributions with vulnerable kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if ATM subsystem is enabled and configured. Many distributions don't enable ATM by default.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full kernel compromise leading to arbitrary code execution, privilege escalation to root, and complete system takeover.

🟠

Likely Case

Kernel panic leading to denial of service, or limited kernel memory corruption allowing privilege escalation.

🟢

If Mitigated

No impact if ATM subsystem is disabled or patched.

🌐 Internet-Facing: LOW - ATM protocol is typically used in internal networking scenarios, not internet-facing services.

🏢 Internal Only: MEDIUM - Requires local access or network access to ATM-enabled interfaces, but can lead to significant privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires sendmsg() access to ATM sockets. The syzbot report shows successful triggering but not full weaponization.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 0a6a6d4fb333f7afe22e59ffed18511a7a98efc8, 33f9e6dc66b32202b95fc861e6b3ea4b0c185b0b, 3ab9f5ad9baefe6d3d4c37053cdfca2761001dfe, 3c80c230d6e3e6f63d43f4c3f0bb344e3e8b119b, 51872b26429077be611b0a1816e0e722278015c3

Vendor Advisory: https://git.kernel.org/stable/c/0a6a6d4fb333f7afe22e59ffed18511a7a98efc8

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Check your distribution's security advisories for backported patches. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable ATM subsystem

linux

Remove ATM kernel module support if not needed

modprobe -r atm
echo 'blacklist atm' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

Disable ATM subsystem completely via kernel module blacklisting
Restrict access to ATM sockets using SELinux/AppArmor policies

🔍 How to Verify

Check if Vulnerable:

Check if ATM module is loaded: lsmod | grep atm. Check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits. Check /proc/version or uname -r against patched versions.

📡 Detection & Monitoring

Log Indicators:

Kernel oops messages mentioning atmtcp_recv_control or atmtcp_c_send
General protection fault errors in kernel logs

Network Indicators:

Unusual ATM socket activity from untrusted sources

SIEM Query:

source="kernel" AND ("atmtcp_recv_control" OR "general protection fault" OR "KASAN: user-memory-access")

📊 Metadata

CVE ID: CVE-2025-39828

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score: 0.01% exploit probability (1th percentile)

Published: September 16, 2025

Last Updated: January 16, 2026

🔗 References

https://git.kernel.org/stable/c/0a6a6d4fb333f7afe22e59ffed18511a7a98efc8 Patch
https://git.kernel.org/stable/c/33f9e6dc66b32202b95fc861e6b3ea4b0c185b0b Patch
https://git.kernel.org/stable/c/3ab9f5ad9baefe6d3d4c37053cdfca2761001dfe Patch
https://git.kernel.org/stable/c/3c80c230d6e3e6f63d43f4c3f0bb344e3e8b119b Patch
https://git.kernel.org/stable/c/51872b26429077be611b0a1816e0e722278015c3 Patch
https://git.kernel.org/stable/c/62f368472b0aa4b5d91d9b983152855c6b6d8925 Patch
https://git.kernel.org/stable/c/b502f16bad8f0a4cfbd023452766f21bfda39dde Patch
https://git.kernel.org/stable/c/ec79003c5f9d2c7f9576fc69b8dbda80305cbe3a Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html Third Party Advisory,Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html Third Party Advisory,Mailing List