Media Remote Control Driver Vulnerability in Linux Kernel
CVE-2025-39993
What is CVE-2025-39993?
A vulnerability has been identified in the iMON driver within the Linux kernel, where improper release of the USB device reference during the disconnect process can lead to a use-after-free condition. Specifically, the lack of coordination between the disconnection routine and active users of the device results in potential exploitation opportunities. When the device is disconnected, active operations may still be in progress, creating a situation where the device reference can be freed while still in use. This flaw underscores the necessity for improved locking mechanisms to synchronously manage device availability and user access, ensuring data integrity and system stability.
Affected Version(s)
Linux 21677cfc562a27e099719d413287bc8d1d24deb7 < 71096a6161a25e84acddb89a9d77f138502d26ab
Linux 21677cfc562a27e099719d413287bc8d1d24deb7 < 71da40648741d15b302700b68973fe8b382aef3c
Linux 21677cfc562a27e099719d413287bc8d1d24deb7