CVE-2025-39874: 
Linux Debian vulnerability analysis and mitigation

A vulnerability in the Linux kernel's macsec feature has been identified and assigned CVE-2025-39874. The issue involves synchronization of features on RTMNEWLINK where Syzkaller managed to lock the lower device via ETHTOOLSFEATURES. This vulnerability was discovered and disclosed on September 23, 2025, affecting the Linux kernel's networking subsystem (NVD).

The vulnerability occurs due to a synchronization issue between upper and lower features in the macsec implementation. The problem manifests when the lower features become out of sync with the upper features during ETHTOOL_SFEATURES operations. The issue has been assigned a CVSS v3.1 base score of 5.5 with attack vector being Local, attack complexity Low, and requiring Low privileges (Red Hat).

The vulnerability primarily affects system availability, with no direct impact on confidentiality or integrity. When exploited, it can cause a lock condition in the lower device, potentially leading to a denial of service situation in the networking subsystem (Red Hat).

The issue has been fixed in various Linux distributions including Debian's version 6.16.8-1 and other major distributions. The fix ensures proper synchronization of features after macsec link creation, preventing the need to sync upper flags to the lower device (Debian).