Use-After-Free Vulnerability in B2C2 FlexCop PCI Device Handling in the Linux Kernel
CVE-2025-39996
What is CVE-2025-39996?
A use-after-free vulnerability exists in the Linux kernel's handling of the B2C2 FlexCop PCI device. The issue arises in the flexcop_pci_remove() function, which calls cancel_delayed_work() without ensuring that delayed work items, such as irq_check_work, have completed. As a result, memory can be freed while the still-executing callback continues to use it, potentially allowing unauthorized access to or manipulation of kernel memory. The flaw was identified through static analysis and can be reproduced under specific conditions, including by introducing artificial delays in the delayed work callback.
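The ordering problem described above, as an added userspace model (pthreads, not kernel code and not the driver's source). The struct, function names and the `freed` flag are constructed for illustration; the waiting branch mirrors the behaviour of the kernel's cancel_delayed_work_sync(), and no memory is actually freed, so the bad ordering is recorded rather than triggered.

```c
#include <pthread.h>
#include <stdbool.h>

/* Userspace model (constructed for illustration, not kernel code). */
struct model_dev {
    pthread_mutex_t lock;
    pthread_cond_t  cv;
    bool started;          /* callback has begun executing */
    bool running;          /* callback is still executing */
    bool gate_open;        /* ends the artificial delay inside the callback */
    bool freed;            /* stands in for the device memory being released */
    bool used_after_free;  /* callback touched state after it was "freed" */
};

/* Stand-in for the irq_check_work callback. */
static void *model_irq_check(void *arg)
{
    struct model_dev *d = arg;
    pthread_mutex_lock(&d->lock);
    d->started = d->running = true;
    pthread_cond_broadcast(&d->cv);
    while (!d->gate_open)                 /* artificial delay in the callback */
        pthread_cond_wait(&d->cv, &d->lock);
    d->used_after_free = d->freed;        /* callback touches device state */
    d->running = false;
    pthread_cond_broadcast(&d->cv);
    pthread_mutex_unlock(&d->lock);
    return NULL;
}

/* Model of the remove path; returns true if the callback ran on freed state. */
static bool model_remove(bool wait_for_callback)
{
    struct model_dev d = { .lock = PTHREAD_MUTEX_INITIALIZER,
                           .cv = PTHREAD_COND_INITIALIZER };
    pthread_t t;
    pthread_create(&t, NULL, model_irq_check, &d);
    pthread_mutex_lock(&d.lock);
    while (!d.started)                    /* callback is now in flight */
        pthread_cond_wait(&d.cv, &d.lock);
    if (wait_for_callback) {              /* cancel_delayed_work_sync() behaviour */
        d.gate_open = true;
        pthread_cond_broadcast(&d.cv);
        while (d.running)
            pthread_cond_wait(&d.cv, &d.lock);
    }                                     /* else: cancel_delayed_work() returns at once */
    d.freed = true;                       /* teardown releases the device */
    d.gate_open = true;
    pthread_cond_broadcast(&d.cv);
    pthread_mutex_unlock(&d.lock);
    pthread_join(t, NULL);
    return d.used_after_free;
}
```

model_remove(false) reports that the callback ran against released state; model_remove(true) does not, because teardown only proceeds once the callback has returned.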

Affected Version(s)
Linux 382c5546d618f24dc7d6ae7ca33412083720efbf < 607010d07b8a509b01ed15ea12744acac6536a98
Linux 382c5546d618f24dc7d6ae7ca33412083720efbf
Linux 382c5546d618f24dc7d6ae7ca33412083720efbf < 120e221b4bbe9d0f6c09b5c4dc53ca4ad91d956b