Memory Management Flaw in Linux Kernel Affects MHI Host
CVE-2025-39790
What is CVE-2025-39790?
The vulnerability in the Linux kernel affects the MHI host, specifically how completion events from remote devices are processed. When a completion event contains a pointer to a Transfer Request Element (TRE), the host relies on this pointer to process events. Issues arise when the event is sent for a transaction that is not synchronized with the host's current read pointer, leading the host to potentially access stale data. If this stale data is freed while still being referenced, it results in a double-free condition, which can be exploited to compromise system stability or security. This vulnerability highlights the importance of ensuring proper synchronization between the host and device events, particularly when multiple elements are involved.
Affected Version(s)
Linux 1d3173a3bae7039b765a0956e3e4bf846dbaacb8 < 7b3f0e3b60c27f4fcb69927d84987e5fd6240530
Linux 1d3173a3bae7039b765a0956e3e4bf846dbaacb8 < 4079c6c59705b96285219b9efc63cab870d757b7
Linux 1d3173a3bae7039b765a0956e3e4bf846dbaacb8 < 5e17429679a8545afe438ce7a82a13a54e8ceabb