Linux Kernel Vulnerability in mISDN hfcpci Module
CVE-2025-39833

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 September 2025

What is CVE-2025-39833?

A vulnerability in the mISDN hfcpci module of the Linux kernel can lead to errors during module unloading. When the CONFIG_DEBUG_OBJECTS_TIMERS is enabled, attempting to remove the hfcpci module can trigger warnings indicating that an assertion for an uninitialized timer is failing. Specifically, a warning occurs if the timer associated with hfc_tl is not properly initialized. This issue can lead to log clutter and potentially unstable behavior in systems that rely on this module. The resolution involves initializing timers correctly using the DEFINE_TIMER macro and utilizing mod_timer instead of manual timeout updates to ensure stability.

Affected Version(s)

Linux 87c5fa1bb42624254a2013cbbc3b170d6017f5d6 < 43fc5da8133badf17f5df250ba03b9d882254845

Linux 87c5fa1bb42624254a2013cbbc3b170d6017f5d6 < 97766512a9951b9fd6fc97f1b93211642bb0b220

Linux 2.6.29

References

https://git.kernel.org/stable/c/43fc5da8133badf17f5df250b...

https://git.kernel.org/stable/c/97766512a9951b9fd6fc97f1b...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2025
Vulnerability Reserved
Apr 16, 2025