Use-After-Free Vulnerability in Xilinx CAN Driver of Linux Kernel
CVE-2025-39873
What is CVE-2025-39873?
A use-after-free condition exists in the Xilinx CAN driver of the Linux kernel, specifically within the xcan_write_frame() function. The vulnerability arises because can_put_echo_skb() takes ownership of the socket buffer (SKB), after which the SKB may be freed, either during that call or at any point afterwards. xcan_write_frame() nevertheless continues to access the SKB after handing it off, so it may read or write freed memory, which can corrupt the transmitted frame, crash the kernel, or create a memory-safety hazard. The issue has been addressed by calling can_put_echo_skb() only after all operations on the SKB are complete, so that the driver never touches the buffer once ownership has passed to the networking stack.
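The following C program is an added illustration of the ownership-transfer pattern described above; it is not the kernel's code and does not reproduce the actual xcan_write_frame() body or register layout. Names ending in _model, the frame and register layouts, and the exact order of reads are all assumptions made for the example. Ownership hand-off is modelled by an explicit flag plus an immediate free, and every SKB access goes through a checked accessor that returns an error instead of dereferencing freed memory, so the program is well-defined while still showing why the hand-off must come last.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a CAN frame carried inside an skb (not the kernel's struct). */
struct can_frame_model {
    uint32_t can_id;
    uint8_t  len;
    uint8_t  data[8];
};

/* Constructed skb handle. owned_by_driver == 0 means "handed to the stack,
 * possibly already freed": the state a real use-after-free would read from. */
struct skb_model {
    struct can_frame_model *cf;
    int owned_by_driver;
};

/* Constructed stand-in for the controller's TX registers. */
struct regs_model {
    uint32_t id, dlc, dw1, dw2;
};

/* Model of can_put_echo_skb(): ownership passes to the stack, which may free
 * the skb at any time from here on. The model frees it immediately. */
static void put_echo_skb_model(struct skb_model *skb)
{
    skb->owned_by_driver = 0;
    free(skb->cf);
    skb->cf = NULL;
}

/* Checked accessor: refuses to hand out the frame once ownership is gone.
 * Returns 0 on success, -1 on use after hand-off. */
static int skb_frame_model(const struct skb_model *skb, const struct can_frame_model **out)
{
    if (!skb->owned_by_driver || skb->cf == NULL)
        return -1;
    *out = skb->cf;
    return 0;
}

/* Pack four payload bytes into one 32-bit data word (big-endian, assumed). */
static uint32_t pack_word(const uint8_t *d)
{
    return ((uint32_t)d[0] << 24) | ((uint32_t)d[1] << 16) |
           ((uint32_t)d[2] << 8)  |  (uint32_t)d[3];
}

/* Vulnerable ordering (illustrative): the echo hand-off happens before the
 * data words are read, so the later reads touch memory the driver no longer owns. */
static int write_frame_vulnerable_model(struct skb_model *skb, struct regs_model *regs)
{
    const struct can_frame_model *cf;
    if (skb_frame_model(skb, &cf))
        return -1;
    regs->id  = cf->can_id;
    regs->dlc = cf->len;
    put_echo_skb_model(skb);              /* ownership gone here */
    if (skb_frame_model(skb, &cf))        /* the model catches the use-after-free */
        return -1;
    regs->dw1 = pack_word(cf->data);
    regs->dw2 = pack_word(cf->data + 4);
    return 0;
}

/* Fixed ordering: every read of the skb completes before the hand-off. */
static int write_frame_fixed_model(struct skb_model *skb, struct regs_model *regs)
{
    const struct can_frame_model *cf;
    if (skb_frame_model(skb, &cf))
        return -1;
    regs->id  = cf->can_id;
    regs->dlc = cf->len;
    regs->dw1 = pack_word(cf->data);
    regs->dw2 = pack_word(cf->data + 4);
    put_echo_skb_model(skb);              /* last operation on the skb */
    return 0;
}

/* Builds a constructed sample frame (id 0x123, 8 bytes of payload). */
static struct skb_model make_skb_model(void)
{
    static const uint8_t sample[8] = {0xDE, 0xAD, 0xBE, 0xEF, 0x01, 0x02, 0x03, 0x04};
    struct skb_model skb = { NULL, 0 };
    struct can_frame_model *cf = calloc(1, sizeof *cf);
    if (cf == NULL)
        return skb;                       /* writers will report -1 */
    cf->can_id = 0x123;
    cf->len = 8;
    memcpy(cf->data, sample, sizeof sample);
    skb.cf = cf;
    skb.owned_by_driver = 1;
    return skb;
}

int main(void)
{
    struct skb_model a = make_skb_model(), b = make_skb_model();
    struct regs_model ra = {0}, rb = {0};
    printf("vulnerable ordering: rc=%d dw1=0x%08x\n", write_frame_vulnerable_model(&a, &ra), ra.dw1);
    printf("fixed ordering:      rc=%d dw1=0x%08x dw2=0x%08x\n",
           write_frame_fixed_model(&b, &rb), rb.dw1, rb.dw2);
    return 0;
}
```

In the vulnerable ordering the model reports the post-hand-off access and the data words never reach the registers; in a real driver the same access would silently read freed memory, which is why the fix simply moves can_put_echo_skb() after the last SKB read.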
Affected Version(s)
Linux, git range: from commit 1598efe57b3e768056e4ca56cb9cf33111e68d1c up to but not including 1139321161a3ba5e45e61e0738b37f42f20bc57a
Linux, git range: from commit 1598efe57b3e768056e4ca56cb9cf33111e68d1c up to but not including 94b050726288a56a6b8ff55aa641f2fedbd3b44c
Linux, git range: from commit 1598efe57b3e768056e4ca56cb9cf33111e68d1c up to but not including 725b33deebd6e4c96fe7893f384510a54258f28f