CVE-2025-39872

MEDIUM

Linux kernel - Use After Free

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: hsr: hold rcu and dev lock for hsr_get_port_ndev hsr_get_port_ndev calls hsr_for_each_port, which need to hold rcu lock. On the other hand, before return the port device, we need to hold the device reference to avoid UaF in the caller function.

References (3)

[Patch] https://git.kernel.org/stable/c/9433ba79c2ec3ec7c9a711748701549339c3438c

[Patch] https://git.kernel.org/stable/c/68a6729afd3e8e9a2a32538642ce92b96ccf9b1d

[Patch] https://git.kernel.org/stable/c/847748fc66d08a89135a74e29362a66ba4e3ab15

Scores

CVSS v3 5.5

EPSS 0.0003

EPSS Percentile 7.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

Status published

Affected Products (8)

linux/linux_kernel < 6.16.8

linux/linux_kernel

linux/Kernel < 6.12.64linux

linux/Kernel < 6.16.8linux

Timeline

Published Sep 23, 2025

Tracked Since Feb 18, 2026