Use-After-Free Vulnerability in Linux Kernel's Virtio UML Implementation
CVE-2025-39951

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 4 October 2025

What is CVE-2025-39951?

A use-after-free vulnerability exists in the virtio UML implementation of the Linux kernel. If registration of a virtio device fails during device probing, the code still sets the registered status to true. This can result in memory corruption, leading to undefined behavior, crashes, or exploitation opportunities in applications utilizing the virtio framework.

Affected Version(s)

Linux 04e5b1fb01834a602acaae2276b67a783a8c6159 < 14c231959a16ca41bfdcaede72483362a8c645d7

Linux 04e5b1fb01834a602acaae2276b67a783a8c6159 < 5e94e44c9cb30d7a383d8ac227f24a8c9326b770

Linux 04e5b1fb01834a602acaae2276b67a783a8c6159

Timeline

  • Vulnerability published

  • Vulnerability Reserved
