Use-After-Free Vulnerability in Linux Kernel's I2C Device Driver for TC358743
CVE-2025-39995

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
15 October 2025

What is CVE-2025-39995?

A use-after-free vulnerability exists in the Linux kernel's I2C device driver for the TC358743. The issue arises during probe operations after timer initialization, when orphaned timers continue running and reference a released state object. Specifically, the cyclic timer 'state->timer' is not guaranteed to have terminated before it is destroyed, potentially leading to unsafe memory accesses and unpredictable behavior. This flaw can be leveraged via static analysis and emulated device interactions, highlighting the critical need for proper timer management to ensure system integrity and stability.

Affected Version(s)

Linux d32d98642de66048f9534a05f3641558e811bbc9 < 9205fb6e617a1c596d9a9ad2a160ee696e09d520

Linux d32d98642de66048f9534a05f3641558e811bbc9 < 70913586c717dd25cfbade7a418e92cc9c99398a

Linux d32d98642de66048f9534a05f3641558e811bbc9 < 663faf1179db9663a3793c75e9bc869358bad910

Timeline

  • Vulnerability published

  • Vulnerability Reserved
