Use-After-Free Vulnerability in Linux Kernel's I2C Device Driver for TC358743
CVE-2025-39995
What is CVE-2025-39995?
A use-after-free vulnerability exists in the Linux kernel's I2C device driver for the TC358743. The issue arises during probe operations after timer initialization, when orphaned timers continue running and reference a released state object. Specifically, the cyclic timer 'state->timer' is not guaranteed to have terminated before it is destroyed, potentially leading to unsafe memory accesses and unpredictable behavior. This flaw can be leveraged via static analysis and emulated device interactions, highlighting the critical need for proper timer management to ensure system integrity and stability.
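The race described above, as an added userspace model (not the driver's code and not the kernel patch): a pthread stands in for the cyclic timer callback, and teardown either releases the state while the callback is still in flight or waits for it first. All names here (`model_state`, `timer_cb`, `teardown_stale_accesses`) are hypothetical, and a flag replaces the real free so the stale access is counted rather than performed.

```c
/* Constructed userspace model, not driver code: a pthread plays the timer
 * callback, and a 'released' flag stands in for freeing the state object so
 * the stale access is counted instead of touching freed memory. */
#include <pthread.h>
#include <semaphore.h>
#include <stdatomic.h>
#include <stdbool.h>

struct model_state {              /* hypothetical stand-in for driver state */
    atomic_bool released;         /* set where the state would be freed */
    atomic_bool stop;             /* timer deleted: callback must not re-arm */
    atomic_int stale;             /* callback accesses made after release */
    sem_t entered, resume;        /* pin the race window deterministically */
};

static void *timer_cb(void *arg)  /* cyclic: loops until told to stop */
{
    struct model_state *s = arg;
    do {
        sem_post(&s->entered);    /* callback is executing */
        sem_wait(&s->resume);     /* ...and is still in flight */
        if (atomic_load(&s->released))
            atomic_fetch_add(&s->stale, 1);   /* use after release */
    } while (!atomic_load(&s->stop));
    return NULL;
}

/* wait_for_cb=false: teardown stops re-arming but does not wait.
 * wait_for_cb=true: teardown also waits for the running callback. */
static int teardown_stale_accesses(bool wait_for_cb)
{
    struct model_state s = {0};
    pthread_t t;
    sem_init(&s.entered, 0, 0);
    sem_init(&s.resume, 0, 0);
    pthread_create(&t, NULL, timer_cb, &s);
    sem_wait(&s.entered);         /* callback now running concurrently */
    atomic_store(&s.stop, true);  /* timer deleted */
    if (wait_for_cb) { sem_post(&s.resume); pthread_join(t, NULL); }
    atomic_store(&s.released, true);          /* state object released */
    if (!wait_for_cb) { sem_post(&s.resume); pthread_join(t, NULL); }
    sem_destroy(&s.entered);
    sem_destroy(&s.resume);
    return atomic_load(&s.stale);
}

int main(void) { return teardown_stale_accesses(true); }
```

Build with `-pthread` on toolchains that require it. The teardown that does not wait records one access after release; the teardown that waits records none.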
Affected Version(s)
Linux d32d98642de66048f9534a05f3641558e811bbc9 < 3d17701c156579969470e58b3a906511f8bc018d
Linux d32d98642de66048f9534a05f3641558e811bbc9 < 228d06c4cbfc750f1216a3fd91b4693b0766d2f6
Linux d32d98642de66048f9534a05f3641558e811bbc9