CVE-2025-39872
BaseFortify
Publication date: 2025-09-23
Last updated on: 2025-12-12
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.14 (inc) to 6.16.8 (exc) |
| linux | linux_kernel | 6.17 |
Exploitability
| CWE ID | Description |
|---|---|
| NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Linux kernel's hsr (High-availability Seamless Redundancy) module. Specifically, the function hsr_get_port_ndev calls hsr_for_each_port, which must only be called while holding the RCU (Read-Copy-Update) read lock. In addition, before the port's network device is returned, a reference on that device must be taken so that the caller does not hit a Use-after-Free (UaF) condition. The fix ensures that the RCU read lock is held during the iteration and that a device reference is taken before the device is returned.
How can this vulnerability impact me?
If exploited, this vulnerability could lead to a Use-after-Free (UaF) condition in the Linux kernel's hsr module. UaF vulnerabilities can cause system instability or crashes and may allow an attacker to execute arbitrary code with kernel privileges, compromising the security of the system.