Use-After-Free Vulnerability in Linux Kernel Affecting Device Management
CVE-2025-39871

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 23 September 2025

What is CVE-2025-39871?

A use-after-free vulnerability was found in the idxd driver of the Linux kernel's dmaengine subsystem. An improper call to idxd_free() on device removal caused a reference count underflow, exposing the system to potential memory corruption. The problem can occur during module unload, particularly when CONFIG_DEBUG_KOBJECT_RELEASE is enabled, because that option can trigger delayed work that interferes with memory management. Removing the unnecessary idxd_free() call resolves these issues, preventing both memory leaks and crashes.
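The failure mode described above, as an added userspace model in C; it is not kernel or idxd driver code and frees no real memory. The names model_dev, model_put, model_explicit_free and simulate_remove are hypothetical, and the model assumes that removal has already dropped the last reference and that the explicit free helper drops one more before freeing.

```c
#include <stdbool.h>
#include <stdio.h>

/* Model of a refcounted device object; "freed" is a flag, nothing is freed. */
struct model_dev {
    int refs;             /* references held on the object */
    bool freed;           /* backing memory has been released */
    bool release_queued;  /* release deferred, as with delayed kobject release */
    int underflows;       /* puts seen after refs already reached 0 */
    int stale_accesses;   /* touches of the object after it was freed */
};

static void model_release(struct model_dev *d)
{
    if (d->freed) d->stale_accesses++;   /* release ran on freed memory */
    d->freed = true;
}

static void model_put(struct model_dev *d, bool delayed)
{
    if (d->freed) d->stale_accesses++;   /* put on an already freed object */
    if (d->refs == 0) { d->underflows++; return; }  /* count would go negative */
    if (--d->refs == 0) {
        if (delayed) d->release_queued = true;      /* release runs later */
        else model_release(d);
    }
}

/* Assumed shape of the explicit free helper: drop a reference, then free. */
static void model_explicit_free(struct model_dev *d, bool delayed)
{
    model_put(d, delayed);
    d->freed = true;
}

/* Removal path. Returns underflows * 10 + stale accesses; 0 means clean. */
int simulate_remove(bool extra_free, bool delayed)
{
    struct model_dev d = { .refs = 1 };
    model_put(&d, delayed);                    /* unregister drops the last ref */
    if (extra_free) model_explicit_free(&d, delayed);
    if (d.release_queued) model_release(&d);   /* deferred work finally runs */
    return d.underflows * 10 + d.stale_accesses;
}

int main(void)
{
    printf("extra free: %d, without: %d\n", simulate_remove(true, true), simulate_remove(false, true));
    return 0;
}
```

With the extra free, both orderings record one underflow and one access to freed memory; the delayed-release setting only changes whether the stale access comes from the extra put or from the deferred release.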

Affected Version(s)

Linux 68ac5a01f635b3791196fd1c39bc48497252c36f < 24414bbcb37e1af95190af36c21ae51d497e1a9e

Linux d2d05fd0fc95c4defed6f7b87550e20e8baa1d97 < 0e95ee7f532b21206fe3f1c4054002b0d21e3b9c

Linux 21f9f5cd9a0c75084d4369ba0b8c4f695c41dea7

Timeline

  • Vulnerability published

  • Vulnerability Reserved