Use After Free Vulnerability in Linux Kernel Tun Driver
CVE-2025-39984
What is CVE-2025-39984?
A use-after-free vulnerability exists in the Linux kernel's tun driver, in the handling of network packets processed by XDP (Express Data Path). When an XDP program is attached, the original socket buffer (skb) may be freed prematurely while the napi structure still references it, leading to potential instability or compromise. The issue arises when the skb is cleared but the napi's reference to it is not updated accordingly, leaving a dangling pointer to freed memory that malicious actors could exploit.

Affected Version(s)
Linux e6d5dbdd20aa6a86974af51deb9414cd2e7794cb < 953200d56fc23eebf80a5ad9eed6e2e8a3065093
Linux e6d5dbdd20aa6a86974af51deb9414cd2e7794cb < 1697577e1669b0321d02cd848384a5d33e284296
Linux e6d5dbdd20aa6a86974af51deb9414cd2e7794cb < 1091860a16a86ccdd77c09f2b21a5f634f5ab9ec