CVE-2025-39840 Affecting kernel-rt-64k-debug-modules-internal package, versions *


Severity

Recommended
medium

Based on CentOS security rating.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS9-KERNELRT64KDEBUGMODULESINTERNAL-12990360
  • published20 Sept 2025
  • disclosed19 Sept 2025

Introduced: 19 Sep 2025

NewCVE-2025-39840  (opens in a new tab)

How to fix?

There is no fixed version for Centos:9 kernel-rt-64k-debug-modules-internal.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-rt-64k-debug-modules-internal package and not the kernel-rt-64k-debug-modules-internal package as distributed by Centos. See How to fix? for Centos:9 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

audit: fix out-of-bounds read in audit_compare_dname_path()

When a watch on dir=/ is combined with an fsnotify event for a single-character name directly under / (e.g., creating /a), an out-of-bounds read can occur in audit_compare_dname_path().

The helper parent_len() returns 1 for "/". In audit_compare_dname_path(), when parentlen equals the full path length (1), the code sets p = path + 1 and pathlen = 1 - 1 = 0. The subsequent loop then dereferences p[pathlen - 1] (i.e., p[-1]), causing an out-of-bounds read.

Fix this by adding a pathlen > 0 check to the while loop condition to prevent the out-of-bounds access.

[PM: subject tweak, sign-off email fixes]

CVSS Base Scores

version 3.1