CVE-2025-39770 (CNNVD-202509-1614)

UNKNOWN
中文标题:
Linux kernel 安全漏洞
英文标题:
net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM
CVSS分数: N/A
发布时间: 2025-09-11 16:56:24
漏洞类型: 其他
状态: PUBLISHED
数据质量分数: 0.40
数据版本: v4
漏洞描述
中文描述:

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于GSO栈未正确禁用IPv6校验和卸载功能,可能导致设备不支持的操作和网络吞吐量下降。

英文描述:

In the Linux kernel, the following vulnerability has been resolved: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM When performing Generic Segmentation Offload (GSO) on an IPv6 packet that contains extension headers, the kernel incorrectly requests checksum offload if the egress device only advertises NETIF_F_IPV6_CSUM feature, which has a strict contract: it supports checksum offload only for plain TCP or UDP over IPv6 and explicitly does not support packets with extension headers. The current GSO logic violates this contract by failing to disable the feature for packets with extension headers, such as those used in GREoIPv6 tunnels. This violation results in the device being asked to perform an operation it cannot support, leading to a `skb_warn_bad_offload` warning and a collapse of network throughput. While device TSO/USO is correctly bypassed in favor of software GSO for these packets, the GSO stack must be explicitly told not to request checksum offload. Mask NETIF_F_IPV6_CSUM, NETIF_F_TSO6 and NETIF_F_GSO_UDP_L4 in gso_features_check if the IPv6 header contains extension headers to compute checksum in software. The exception is a BIG TCP extension, which, as stated in commit 68e068cabd2c6c53 ("net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets"): "The feature is only enabled on devices that support BIG TCP TSO. The header is only present for PF_PACKET taps like tcpdump, and not transmitted by physical devices." kernel log output (truncated): WARNING: CPU: 1 PID: 5273 at net/core/dev.c:3535 skb_warn_bad_offload+0x81/0x140 ... Call Trace: <TASK> skb_checksum_help+0x12a/0x1f0 validate_xmit_skb+0x1a3/0x2d0 validate_xmit_skb_list+0x4f/0x80 sch_direct_xmit+0x1a2/0x380 __dev_xmit_skb+0x242/0x670 __dev_queue_xmit+0x3fc/0x7f0 ip6_finish_output2+0x25e/0x5d0 ip6_finish_output+0x1fc/0x3f0 ip6_tnl_xmit+0x608/0xc00 [ip6_tunnel] ip6gre_tunnel_xmit+0x1c0/0x390 [ip6_gre] dev_hard_start_xmit+0x63/0x1c0 __dev_queue_xmit+0x6d0/0x7f0 ip6_finish_output2+0x214/0x5d0 ip6_finish_output+0x1fc/0x3f0 ip6_xmit+0x2ca/0x6f0 ip6_finish_output+0x1fc/0x3f0 ip6_xmit+0x2ca/0x6f0 inet6_csk_xmit+0xeb/0x150 __tcp_transmit_skb+0x555/0xa80 tcp_write_xmit+0x32a/0xe90 tcp_sendmsg_locked+0x437/0x1110 tcp_sendmsg+0x2f/0x50 ... skb linear: 00000000: e4 3d 1a 7d ec 30 e4 3d 1a 7e 5d 90 86 dd 60 0e skb linear: 00000010: 00 0a 1b 34 3c 40 20 11 00 00 00 00 00 00 00 00 skb linear: 00000020: 00 00 00 00 00 12 20 11 00 00 00 00 00 00 00 00 skb linear: 00000030: 00 00 00 00 00 11 2f 00 04 01 04 01 01 00 00 00 skb linear: 00000040: 86 dd 60 0e 00 0a 1b 00 06 40 20 23 00 00 00 00 skb linear: 00000050: 00 00 00 00 00 00 00 00 00 12 20 23 00 00 00 00 skb linear: 00000060: 00 00 00 00 00 00 00 00 00 11 bf 96 14 51 13 f9 skb linear: 00000070: ae 27 a0 a8 2b e3 80 18 00 40 5b 6f 00 00 01 01 skb linear: 00000080: 08 0a 42 d4 50 d5 4b 70 f8 1a

CWE类型:
(暂无数据)
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
Linux Linux bcefc3cd7f592a70fcbbbfd7ad1fbc69172ea78b - - cpe:2.3:a:linux:linux:bcefc3cd7f592a70fcbbbfd7ad1fbc69172ea78b:*:*:*:*:*:*:*
Linux Linux 477b35d94a21530046fe91589960732fcf2b29ed - - cpe:2.3:a:linux:linux:477b35d94a21530046fe91589960732fcf2b29ed:*:*:*:*:*:*:*
Linux Linux a27a5c40ee4cbe00294e2c76160de5f2589061ba - - cpe:2.3:a:linux:linux:a27a5c40ee4cbe00294e2c76160de5f2589061ba:*:*:*:*:*:*:*
Linux Linux 9f605135a5c0fe614c2b15197b9ced1e217eca59 - - cpe:2.3:a:linux:linux:9f605135a5c0fe614c2b15197b9ced1e217eca59:*:*:*:*:*:*:*
Linux Linux 705350fbd6ed4b5d89ee045fa57a0594a72b17d7 - - cpe:2.3:a:linux:linux:705350fbd6ed4b5d89ee045fa57a0594a72b17d7:*:*:*:*:*:*:*
Linux Linux 6.12 - - cpe:2.3:a:linux:linux:6.12:*:*:*:*:*:*:*
linux linux_kernel * - - cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel 6.12 - - cpe:2.3:o:linux:linux_kernel:6.12:-:*:*:*:*:*:*
linux linux_kernel 6.17 - - cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:*
debian debian_linux 11.0 - - cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
af854a3a-2127-422b-91ae-364da2661108 OTHER
nvd.nist.gov
访问
CVSS评分详情
暂无CVSS评分信息
时间信息
发布时间:
2025-09-11 16:56:24
修改时间:
2025-11-03 17:43:12
创建时间:
2025-11-11 15:40:29
更新时间:
2026-01-17 06:00:14
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2025-39770 2025-11-11 15:23:19 2025-11-11 07:40:29
NVD nvd_CVE-2025-39770 2025-11-11 15:01:02 2025-11-11 07:48:18
CNNVD cnnvd_CNNVD-202509-1614 2025-11-11 15:12:57 2025-11-11 08:00:10
版本与语言
当前版本: v4
主要语言: EN
支持语言:
ZH EN
安全公告
暂无安全公告信息
变更历史
v4 NVD
2026-01-17 06:00:14
affected_products_count: 6 → 10
查看详细变更
  • affected_products_count: 6 -> 10
v3 CNNVD
2025-11-11 16:00:10
vulnerability_type: 未提取 → 其他; severity: SeverityLevel.MEDIUM → SeverityLevel.UNKNOWN; cvss_score: 未提取 → 0.0; cnnvd_id: 未提取 → CNNVD-202509-1614; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 其他
  • severity: SeverityLevel.MEDIUM -> SeverityLevel.UNKNOWN
  • cvss_score: 未提取 -> 0.0
  • cnnvd_id: 未提取 -> CNNVD-202509-1614
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:48:18
references_count: 5 → 6; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • references_count: 5 -> 6
  • data_sources: ['cve'] -> ['cve', 'nvd']