Use-After-Free Vulnerability in Linux Kernel Affects PTP OCP Functionality
CVE-2025-39859
What is CVE-2025-39859?
A use-after-free vulnerability has been identified in the PTP OCP implementation in the Linux kernel. The ptp_ocp_detach() function shuts down the watchdog timer only if the timer is pending. If the timer handler is already executing when the relevant device link is deallocated, the handler races with the teardown and continues to reference resources that have been freed, which is a use-after-free. Accessing freed memory in this way can cause serious stability issues. The flaw has been addressed by deleting the timer unconditionally, which prevents such accesses after deallocation.
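The interleaving described above can be traced in a small userspace model. This is an added example, not kernel or driver code: every struct and function name in it is hypothetical, and waiting for a running handler is modeled by letting the handler complete before the delete returns.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model, not kernel code. All names here are hypothetical. */
enum tstate { T_IDLE, T_PENDING, T_RUNNING };
struct model_dev {
    enum tstate watchdog; /* state of the watchdog timer */
    bool freed;           /* device memory has been released */
    bool uaf;             /* handler touched the device after release */
};

/* Expiry: the timer stops being "pending" before its handler runs. */
static void handler_begin(struct model_dev *d) { d->watchdog = T_RUNNING; }

/* Rest of the handler, which still dereferences the device. */
static void handler_finish(struct model_dev *d)
{
    if (d->watchdog != T_RUNNING) return;
    d->uaf = d->freed;
    d->watchdog = T_IDLE;
}

/* Synchronous delete: dequeue, and let a running handler complete first. */
static void model_timer_delete_sync(struct model_dev *d)
{
    handler_finish(d); /* no-op unless the handler is running */
    d->watchdog = T_IDLE;
}

/* Detach: pending-only guard (pre-fix) or unconditional delete (fixed). */
static void model_detach(struct model_dev *d, bool unconditional)
{
    if (unconditional || d->watchdog == T_PENDING)
        model_timer_delete_sync(d);
    d->freed = true;
}

/* Run one interleaving; returns true if the handler used freed memory. */
static bool race_hits_uaf(bool unconditional, bool handler_started)
{
    struct model_dev d = { T_PENDING, false, false };
    if (handler_started) handler_begin(&d);
    model_detach(&d, unconditional);
    handler_finish(&d); /* the handler resumes after detach returns */
    return d.uaf;
}

int main(void)
{
    printf("guarded=%d fixed=%d\n", race_hits_uaf(false, true), race_hits_uaf(true, true));
    return 0;
}
```

With handler_started set to false both variants return false, which is why the guarded teardown looks correct unless the handler happens to be mid-execution.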
Affected Version(s)
Linux 773bda96492153e11d21eb63ac814669b51fc701
Linux 773bda96492153e11d21eb63ac814669b51fc701 < 8bf935cf789872350b04c1a6468b0a509f67afb2
Linux 5.15