{
  "affected": [
    {
      "ecosystem_specific": {
        "urgency": "not yet assigned"
      },
      "package": {
        "ecosystem": "Debian:14",
        "name": "linux"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.16.9-1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "In the Linux kernel, the following vulnerability has been resolved:  rxrpc: Fix untrusted unsigned subtract  Fix the following Smatch static checker warning:     net/rxrpc/rxgk_app.c:65 rxgk_yfs_decode_ticket()    warn: untrusted unsigned subtract. 'ticket_len - 10 * 4'  by prechecking the length of what we're trying to extract in two places in the token and decoding for a response packet.  Also use sizeof() on the struct we're extracting rather specifying the size numerically to be consistent with the other related statements.",
  "id": "DEBIAN-CVE-2025-39962",
  "modified": "2026-04-28T19:49:41.241188492Z",
  "published": "2025-10-09T13:15:32.390Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://security-tracker.debian.org/tracker/CVE-2025-39962"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "upstream": [
    "CVE-2025-39962"
  ]
}