CVE-2025-21715

HIGH

Linux Kernel 4.4.262-4.5 - Use-After-Free in dm9000_drv_remove

Description

In the Linux kernel, the following vulnerability has been resolved:

net: davicom: fix UAF in dm9000_drv_remove

dm is netdev private data and it cannot be used after the free_netdev() call. Using dm after free_netdev() can cause a UAF bug. Fix it by moving free_netdev() to the end of the function.

This is similar to the issue fixed in commit ad297cd2db89 ("net: qcom/emac: fix UAF in emac_remove").

This bug is detected by our static analysis tool.

Scores

CVSS v3: 7.8
EPSS: 0.0020
EPSS Percentile: 9.9%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-416
Status: published
Products (31)
Linux/Linux < 5.12
Linux/Linux 4.14.226 - 4.15
Linux/Linux 4.19.181 - 4.20
Linux/Linux 4.4.262 - 4.5
Linux/Linux 4.9.262 - 4.10
Linux/Linux 427b3fc3d5244fef9c1f910a9c699f2690642f83
Linux/Linux 4fd0654b8f2129b68203974ddee15f804ec011c2 - a53cb72043443ac787ec0b5fa17bb3f8ff3d462b
Linux/Linux 5.10.235 - 5.10.*
Linux/Linux 5.10.24 - 5.10.235
Linux/Linux 5.11.7 - 5.12
... and 21 more
Published: Feb 27, 2025
Tracked Since: Feb 18, 2026