Memory Management Vulnerability in Linux Kernel Affecting Device Handling
CVE-2025-39872
Currently unrated
What is CVE-2025-39872?
A vulnerability exists in the Linux kernel related to the hsr_get_port_ndev function, which requires proper management of the Read-Copy-Update (RCU) lock and device locking. Failure to hold these locks appropriately can lead to a use-after-free condition in the caller function, potentially allowing unauthorized access to device references. This presents risks to system integrity and can be exploited if not properly mitigated.
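The lifetime problem described above, as an added example that is not kernel code and not taken from the fix: a userspace C model in which a device is "freed" by setting a flag when its reference count reaches zero. The struct layouts, the two lookup variants, `del_port` and `survives_removal` are hypothetical names for illustration; `dev_hold` and `dev_put` are modelled on the kernel helpers of the same name, and comments mark where the RCU read-side section would sit.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: names echo the kernel's, the bodies are simplified. */
struct net_device { int refcnt; bool freed; };
struct hsr_port   { int type; struct net_device *dev; };
static struct hsr_port *ports[2];      /* stand-in for the RCU-protected port list */

static void dev_hold(struct net_device *d) { d->refcnt++; }
static void dev_put(struct net_device *d)  { if (--d->refcnt == 0) d->freed = true; }

/* Lookup without protection: hands back a bare pointer, no reference taken. */
static struct net_device *get_port_ndev_unheld(int type)
{
    for (size_t i = 0; i < 2; i++)
        if (ports[i] && ports[i]->type == type)
            return ports[i]->dev;
    return NULL;
}

/* Lookup with protection: the list walk sits inside the read-side section and
 * a reference is taken before leaving it. The caller must dev_put() the result. */
static struct net_device *get_port_ndev_held(int type)
{
    struct net_device *dev = NULL;
    /* rcu_read_lock() would go here in the kernel */
    for (size_t i = 0; i < 2 && !dev; i++)
        if (ports[i] && ports[i]->type == type) {
            dev = ports[i]->dev;
            dev_hold(dev);
        }
    /* rcu_read_unlock() would go here in the kernel */
    return dev;
}

/* Writer side: removing a port drops the list's reference on its device. */
static void del_port(size_t i) { struct net_device *d = ports[i]->dev; ports[i] = NULL; dev_put(d); }

/* True if the caller's pointer is still live after the port is removed under it. */
static bool survives_removal(bool hold)
{
    struct net_device dev = { .refcnt = 1, .freed = false };   /* constructed sample */
    struct hsr_port port = { .type = 1, .dev = &dev };
    ports[0] = &port;
    struct net_device *d = hold ? get_port_ndev_held(1) : get_port_ndev_unheld(1);
    del_port(0);                       /* removal races in before the caller uses d */
    bool alive = !d->freed;
    if (hold) dev_put(d);              /* caller releases its own reference */
    return alive;
}

int main(void) { printf("unheld=%d held=%d\n", survives_removal(false), survives_removal(true)); return 0; }
```

In the unheld case the caller's pointer refers to a device whose last reference is already gone, which is the use-after-free condition the description refers to.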
Affected Version(s)
Linux 9c10dd8eed74de9e8adeb820939f8745cd566d4a < 68a6729afd3e8e9a2a32538642ce92b96ccf9b1d
Linux 9c10dd8eed74de9e8adeb820939f8745cd566d4a < 847748fc66d08a89135a74e29362a66ba4e3ab15
Linux 6.14