{"id":"AZL-74706","summary":"CVE-2025-39812 affecting package kernel for versions less than 5.15.200.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: initialize more fields in sctp_v6_from_sk()\n\nsyzbot found that sin6_scope_id was not properly initialized,\nleading to undefined behavior.\n\nClear sin6_scope_id and sin6_flowinfo.\n\nBUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n  __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n  sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983\n  sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390\n  sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452\n  sctp_get_port net/sctp/socket.c:8523 [inline]\n  sctp_listen_start net/sctp/socket.c:8567 [inline]\n  sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636\n  __sys_listen_socket net/socket.c:1912 [inline]\n  __sys_listen net/socket.c:1927 [inline]\n  __do_sys_listen net/socket.c:1932 [inline]\n  __se_sys_listen net/socket.c:1930 [inline]\n  __x64_sys_listen+0x343/0x4c0 net/socket.c:1930\n  x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51\n  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n  do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable addr.i.i created at:\n  sctp_get_port net/sctp/socket.c:8515 [inline]\n  sctp_listen_start net/sctp/socket.c:8567 [inline]\n  sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636\n  __sys_listen_socket net/socket.c:1912 [inline]\n  __sys_listen net/socket.c:1927 [inline]\n  __do_sys_listen net/socket.c:1932 [inline]\n  __se_sys_listen net/socket.c:1930 [inline]\n  __x64_sys_listen+0x343/0x4c0 net/socket.c:1930","modified":"2026-04-01T05:22:45.497139Z","published":"2025-09-16T13:15:54Z","upstream":["CVE-2025-39812"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39812"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.200.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74706.json"}}],"schema_version":"1.7.5"}