CVE-2025-39770: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's Generic Segmentation Offload (GSO) functionality was discovered and assigned CVE-2025-39770. The issue affects the handling of IPv6 packets with extension headers when devices only support the NETIFFIPV6_CSUM feature. The vulnerability was disclosed on September 11, 2025 (NVD Database).

When performing Generic Segmentation Offload (GSO) on an IPv6 packet containing extension headers, the kernel incorrectly requests checksum offload if the egress device only advertises NETIFFIPV6_CSUM feature. This feature has a strict contract that only supports checksum offload for plain TCP or UDP over IPv6 and explicitly does not support packets with extension headers. The GSO logic violates this contract by failing to disable the feature for packets with extension headers, such as those used in GREoIPv6 tunnels (NVD Database).

The vulnerability results in the device being asked to perform an operation it cannot support, leading to a skb_warn_bad_offload warning and a collapse of network throughput. While device TSO/USO is correctly bypassed in favor of software GSO for these packets, the improper handling affects network performance (NVD Database).

The fix involves masking NETIFFIPV6CSUM, NETIFFTSO6 and NETIFFGSOUDPL4 in gsofeatures_check if the IPv6 header contains extension headers to compute checksum in software. An exception is made for BIG TCP extension, which is only enabled on devices that support BIG TCP TSO (NVD Database).