CVE-2025-39873
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-23

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB can_put_echo_skb() takes ownership of the SKB and it may be freed during or after the call. However, xilinx_can xcan_write_frame() keeps using SKB after the call. Fix that by only calling can_put_echo_skb() after the code is done touching the SKB. The tx_lock is held for the entire xcan_write_frame() execution and also on the can_get_echo_skb() side so the order of operations does not matter. An earlier fix commit 3d3c817c3a40 ("can: xilinx_can: Fix usage of skb memory") did not move the can_put_echo_skb() call far enough. [mkl: add "commit" in front of sha1 in patch description] [mkl: fix indention]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-23
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-09-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-39873
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
xilinx xilinx_can *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a use-after-free issue in the Linux kernel's xilinx_can driver, specifically in the xcan_write_frame() function. The function can_put_echo_skb() takes ownership of a socket buffer (SKB) and may free it during or after its call. However, xcan_write_frame() continues to use the SKB after can_put_echo_skb() has been called, leading to use of freed memory. The fix involves ensuring can_put_echo_skb() is only called after the code has finished using the SKB to prevent this unsafe memory access.

Impact Analysis

This use-after-free vulnerability can lead to undefined behavior such as system crashes, memory corruption, or potential execution of arbitrary code within the Linux kernel. This can compromise system stability and security, potentially allowing attackers to disrupt services or escalate privileges.

Mitigation Strategies

Apply the patch that fixes the use-after-free vulnerability in the xilinx_can driver by ensuring that can_put_echo_skb() is only called after the SKB is no longer used in xcan_write_frame(). This involves updating the Linux kernel to a version that includes the fix described in the commit referenced in the CVE.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39873. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart