Linux Kernel Vulnerability in j1939 Protocol by The Linux Foundation
CVE-2025-39925
What is CVE-2025-39925?
A vulnerability in the Linux kernel's j1939 protocol affects how network devices are unregistered. Because the NETDEV_UNREGISTER notification is not handled, the usage count for the virtual CAN device vcan0 is not decremented correctly. The cause is that j1939_sk_bind() retains an extra reference to the j1939_priv structure, which prevents the expected release of resources when the network device is unregistered. To address this, a NETDEV_UNREGISTER notification handler needs to manage the reference counting for j1939_priv so that unbinding completes cleanly without leaking resources.
Affected Version(s)
Linux 9d71dd0c70099914fcd063135da3c580865e924c
Linux 9d71dd0c70099914fcd063135da3c580865e924c < 7fcbe5b2c6a4b5407bf2241fdb71e0a390f6ab9a
Linux 5.4