Linux Kernel Vulnerability in PCI Endpoint Driver Management
CVE-2025-39783

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
11 September 2025

What is CVE-2025-39783?

A vulnerability in the Linux kernel was identified in the PCI endpoint driver management, where an improper handler for the configfs group list head could trigger a use-after-free condition. The issue arises from executing a list_del() on a field that should not be modified in that manner, especially when tearing down an endpoint function driver that has a configfs attribute group. This oversight can lead to potential system instability and security risks, as demonstrated by the KASAN warning during the removal process. A correction has been made to prevent this error by removing the incorrect list_del() call within the pci_epf_remove_cfs() function.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux ef1433f717a2c63747a519d86965d73ff9bd08b3 < 80ea6e6904fb2ba4ccb5d909579988466ec65358

Linux ef1433f717a2c63747a519d86965d73ff9bd08b3

Linux ef1433f717a2c63747a519d86965d73ff9bd08b3

References

https://git.kernel.org/stable/c/80ea6e6904fb2ba4ccb5d9095...
https://git.kernel.org/stable/c/d5aecddc3452371d9da82cdbb...
https://git.kernel.org/stable/c/dc4ffbd571716ff3b171418fb...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.