CVE-2025-39997
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-10-16
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a race condition leading to a Use-After-Free (UAF) in the Linux kernel's ALSA usb-audio driver. Specifically, the issue arises because the error timer is killed after the USB endpoint is deleted, which can cause rare race conditions where freed memory is accessed. Additionally, missing cleanup for USB Request Blocks (urb) means that freed memory can be accessed in interrupt context, potentially causing UAF. The fix involves killing the error timer and urb before freeing the heap memory to prevent these race conditions.
How can this vulnerability impact me? :
This vulnerability can lead to Use-After-Free conditions in the Linux kernel's usb-audio subsystem, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or escalate privileges by exploiting the freed memory access in interrupt context.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the ALSA usb-audio race condition and use-after-free (UAF) issue. The fix involves proper killing of the error timer and urb before freeing heap memory to prevent race conditions. Applying the latest kernel patches or updates from your Linux distribution vendor is recommended.