Use-After-Free Vulnerability in Linux Kernel Network Driver by Davicom
CVE-2025-21715
Summary
A vulnerability has been identified in the Linux kernel, specifically within the Davicom network driver. The driver handles the netdev private data improperly, which may lead to a use-after-free condition when free_netdev() is invoked. This flaw allows for the potential execution of code or access to sensitive data following the improper release of resources. The issue has been addressed by rearranging the order of operations in the dm9000_drv_remove function so that resources are not accessed after they have been freed. This aligns with best practices for memory management in network drivers.
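The ordering problem described in the summary, as an added userspace C model (not the kernel driver's code and not part of the original advisory). The `model_*` names, the `supply_enabled` field and the `freed` flag are assumptions made for illustration; `model_free_netdev()` only marks the object dead so that a late access can be counted safely.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed userspace model: as with a real net device, the driver's
 * private data lives inside the same allocation as the device itself. */
struct model_priv { int supply_enabled; };   /* hypothetical field */
struct model_netdev { int freed; struct model_priv priv; };

static int stale_accesses;   /* private-data accesses seen after the free */

static struct model_netdev *model_alloc_netdev(void) {
    struct model_netdev *dev = calloc(1, sizeof(*dev));
    if (dev) dev->priv.supply_enabled = 1;
    return dev;
}

/* Stand-in for free_netdev(): marks the object dead instead of releasing
 * it, so a late access is counted rather than being undefined behaviour. */
static void model_free_netdev(struct model_netdev *dev) { dev->freed = 1; }

/* Hypothetical last teardown step that still needs the private data. */
static void model_release_supply(struct model_netdev *dev) {
    if (dev->freed) { stale_accesses++; return; }   /* would be a UAF */
    dev->priv.supply_enabled = 0;
}

/* Runs one remove path; free_first selects the flawed ordering. */
static int model_remove(int free_first) {
    struct model_netdev *dev = model_alloc_netdev();
    if (!dev) return -1;
    stale_accesses = 0;
    if (free_first) {            /* flawed: free, then touch private data */
        model_free_netdev(dev);
        model_release_supply(dev);
    } else {                     /* fixed: free_netdev() stand-in goes last */
        model_release_supply(dev);
        model_free_netdev(dev);
    }
    free(dev);                   /* real release, after all model accesses */
    return stale_accesses;
}

int main(void) {
    printf("free first: %d stale access(es)\n", model_remove(1));
    printf("free last:  %d stale access(es)\n", model_remove(0));
    return 0;
}
```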
Affected Version(s)
Linux cf9e60aa69ae6c40d3e3e4c94dd6c8de31674e9b
Linux cf9e60aa69ae6c40d3e3e4c94dd6c8de31674e9b < 5a54367a7c2378c65aaa4d3cfd952f26adef7aa7