Vulnerability Lookup

🛡️ CVE-2025-39795

🟡 CVSS 5.5 — Medium ✅ No Known Exploit CWE-674 NVD

5.5

CVSS Score

0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: block: avoid possible overflow for chunk_sectors check in blk_stack_limits() In blk_stack_limits(), we check that the t->chunk_sectors value is a multiple of the t->physical_block_size value. However, by finding the chunk_sectors value in bytes, we may overflow the unsigned int which holds chunk_sectors, so change the check to be based on sectors.

Details

Severity MEDIUM

CVSS Score 5.5

CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE CWE-674

Public Exploit ✅ No

Source NVD

Published 2025-09-12

Updated 2026-06-02

Modified 2026-05-12

Fix URL https://git.kernel.org/stable/c/14beeef4aafecc8a41de534e31fb5be94739392f

Affected Packages

Software	From version	Fixed in
debian-linux	—	—
linux-kernel	6.16	6.16.2

References

Patch https://git.kernel.org/stable/c/14beeef4aafecc8a41de534e31fb5be94739392f

Patch https://git.kernel.org/stable/c/31f2f080898e50cbf2bae62d35f9f2a997547b38

Patch https://git.kernel.org/stable/c/3b9d69f0e68aa6b0acd9791c45d445154a8c66e9

Patch https://git.kernel.org/stable/c/418751910044649baa2b424ea31cce3fc4dcc253

Patch https://git.kernel.org/stable/c/448dfecc7ff807822ecd47a5c052acedca7d09e8

Patch https://git.kernel.org/stable/c/46aa80ef49594ed7de685ecbc673b291e9a2c159

Patch https://git.kernel.org/stable/c/5e276e6ff9aacf8901b9c3265c3cdd2568c9fff2

Patch https://git.kernel.org/stable/c/8b3ce085b52e674290cbfdd07034e7653ffbe4dc

Third Party Advisory https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

Third Party Advisory https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

https://cert-portal.siemens.com/productcert/html/ssa-032379.html

https://cert-portal.siemens.com/productcert/html/ssa-082556.html

🔗 NVD 🔗 Mitre ✅ Fix / Advisory

Similar Threats

Patch Gap Protection

Running software with known vulnerabilities?

BotEraser can help reduce exposure by blocking IPs associated with exploit activity — even before a patch is available.

Start Free →

No credit card required · Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.

Running software with known vulnerabilities?

Company

Resources

Services

Trusted

Subscribe