Linux Kernel Vulnerability in PCI Endpoint Driver Management
CVE-2025-39783

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 11 September 2025

What is CVE-2025-39783?

A vulnerability in the Linux kernel was identified in the PCI endpoint driver management, where an improper handler for the configfs group list head could trigger a use-after-free condition. The issue arises from executing a list_del() on a field that should not be modified in that manner, especially when tearing down an endpoint function driver that has a configfs attribute group. This oversight can lead to potential system instability and security risks, as demonstrated by the KASAN warning during the removal process. A correction has been made to prevent this error by removing the incorrect list_del() call within the pci_epf_remove_cfs() function.

Affected Version(s)

Linux ef1433f717a2c63747a519d86965d73ff9bd08b3 < 80ea6e6904fb2ba4ccb5d909579988466ec65358

Linux ef1433f717a2c63747a519d86965d73ff9bd08b3

References

https://git.kernel.org/stable/c/80ea6e6904fb2ba4ccb5d9095...

https://git.kernel.org/stable/c/d5aecddc3452371d9da82cdbb...

https://git.kernel.org/stable/c/dc4ffbd571716ff3b171418fb...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2025
Vulnerability Reserved
Apr 16, 2025