Use-After-Free Vulnerability in Linux Kernel Network Driver by Davicom
CVE-2025-21715

7.8 HIGH

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
27 February 2025

What is CVE-2025-21715?

A vulnerability has been identified in the Linux kernel, specifically within the Davicom network driver. The driver mishandles the netdev private data, which may lead to a use-after-free condition once free_netdev() has been invoked. The flaw could allow code execution or access to sensitive data after the resources have been improperly released. It has been addressed by rearranging the order of operations in the dm9000_drv_remove function so that resources are not accessed after they have been freed, in line with best practices for memory management in network drivers.
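
The ordering problem described above, as an added userspace model that is not the driver's code or the upstream patch. Every model_* name and the teardown step are assumptions made for illustration; the model marks the object as released rather than freeing it, so the stale access can be counted safely.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only; every model_* name is hypothetical, not kernel code. */
struct model_priv { bool hw_active; };           /* stands in for driver private data */
struct model_netdev {
    bool released;                               /* set by model_free_netdev() */
    struct model_priv priv;                      /* private data shares the netdev allocation */
};

static int stale_uses;                           /* private-data accesses made after release */

/* Models free_netdev(): marks the object released instead of freeing it,
 * so the model can count a stale access without undefined behaviour. */
static void model_free_netdev(struct model_netdev *nd) { nd->released = true; }

/* A teardown step that needs the private data (assumed for illustration). */
static void model_teardown_priv(struct model_netdev *nd)
{
    if (nd->released) { stale_uses++; return; }  /* in a kernel this is the UAF */
    nd->priv.hw_active = false;
}

/* Runs one remove sequence and returns the number of stale accesses, or -1. */
static int run_remove(bool free_first)
{
    struct model_netdev *nd = calloc(1, sizeof(*nd));
    if (!nd) return -1;
    nd->priv.hw_active = true;
    stale_uses = 0;
    if (free_first) {            /* ordering described as vulnerable */
        model_free_netdev(nd);
        model_teardown_priv(nd);
    } else {                     /* reordered: release is the last step */
        model_teardown_priv(nd);
        model_free_netdev(nd);
    }
    free(nd);                    /* real release happens once, after counting */
    return stale_uses;
}

int remove_vulnerable_order(void) { return run_remove(true); }
int remove_fixed_order(void)      { return run_remove(false); }

int main(void)
{
    printf("vulnerable order: %d stale access(es)\n", remove_vulnerable_order());
    printf("fixed order:      %d stale access(es)\n", remove_fixed_order());
    return 0;
}
```

When reviewing other remove paths for the same pattern, look for any dereference of a pointer obtained from the netdev's private area that appears after the call that releases the netdev.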

Affected Version(s)

Linux d28e783c20033b90a64d4e1307bafb56085d8184

Linux 4fd0654b8f2129b68203974ddee15f804ec011c2

Linux cf9e60aa69ae6c40d3e3e4c94dd6c8de31674e9b < 7d7d201eb3b766abe590ac0dda7a508b7db3e357

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
