Use-After-Free Vulnerability in Linux Kernel Affecting OcteonTX2 Products
CVE-2025-39944
What is CVE-2025-39944?
A use-after-free vulnerability exists in the Linux kernel's support for OcteonTX2 products. It arises from improper cancellation of a delayed work item in the 'otx2_ptp_destroy()' function, which creates a race condition: 'cancel_delayed_work()' does not wait for a work item whose handler is already executing. If 'otx2_ptp' is deallocated while the delayed work item 'synctstamp_work' is still active, the handler can dereference the deallocated memory. To mitigate this issue, the code should replace 'cancel_delayed_work()' with 'cancel_delayed_work_sync()', which ensures that all delayed work has finished before deallocation occurs and so prevents potential exploitation.
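The following userspace model is an added illustration, not code from the kernel or the driver. It steps one delayed work item by hand to show why the non-waiting cancel leaves a window and the synchronous one does not. The names 'ptp_model', 'model_cancel', 'model_cancel_sync' and 'teardown' are hypothetical, and a 'freed' flag stands in for the real deallocation so nothing is actually dereferenced after free.

```c
/* Userspace model, not kernel code: work item stepped by hand (constructed). */
#include <stdbool.h>
#include <stdio.h>

enum work_state { IDLE, PENDING, RUNNING };
struct ptp_model {            /* stands in for the otx2_ptp object */
    enum work_state work;     /* stands in for synctstamp_work */
    bool freed;               /* set where the kernel would free the object */
    int stale_accesses;       /* handler accesses made after the "free" */
};

/* Remainder of the handler on CPU0: touches the object, then completes. */
static void work_finish(struct ptp_model *p)
{
    if (p->work != RUNNING) return;
    if (p->freed) p->stale_accesses++;   /* in the kernel: use-after-free */
    p->work = IDLE;
}

/* cancel_delayed_work() semantics: dequeue if still pending, never wait. */
static bool model_cancel(struct ptp_model *p)
{
    if (p->work != PENDING) return false;
    p->work = IDLE;
    return true;
}

/* cancel_delayed_work_sync() semantics: also wait out a running handler. */
static void model_cancel_sync(struct ptp_model *p)
{
    if (!model_cancel(p)) work_finish(p);   /* "wait" = handler completes */
}

/* Destroy path on CPU1 racing the handler on CPU0; returns stale accesses. */
static int teardown(bool use_sync, bool handler_started)
{
    struct ptp_model p = { .work = PENDING };
    if (handler_started) p.work = RUNNING;          /* timer fired on CPU0 */
    if (use_sync) model_cancel_sync(&p); else model_cancel(&p);
    p.freed = true;                                 /* CPU1 releases object */
    work_finish(&p);                                /* CPU0 resumes handler */
    return p.stale_accesses;
}

int main(void)
{
    printf("cancel: %d, cancel_sync: %d\n", teardown(false, true), teardown(true, true));
    return 0;
}
```

The stale access appears only when the handler has already started before the destroy path runs, which is why the defect is a race rather than a failure on every teardown.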
Affected Version(s)
Linux 2958d17a898416c6193431676f6130b68a2cb9fc < 2786879aebf363806a13d41e8d5f99202ddd23d9
Linux 2958d17a898416c6193431676f6130b68a2cb9fc