CVE-2025-39872

Published: Sep 23, 2025

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: hsr: hold rcu and dev lock for hsr_get_port_ndev hsr_get_port_ndev calls hsr_for_each_port, which need to hold rcu lock. On the other hand, before return the port device, we need to hold the device reference to avoid UaF in the caller function.

Vendor	Product	Versions
Linux	Linux	affected `ef964411c8ca775967355d855abc56aeaca3c867 - < 9433ba79c2ec3ec7c9a711748701549339c3438c` affected `9c10dd8eed74de9e8adeb820939f8745cd566d4a - < 68a6729afd3e8e9a2a32538642ce92b96ccf9b1d` affected `9c10dd8eed74de9e8adeb820939f8745cd566d4a - < 847748fc66d08a89135a74e29362a66ba4e3ab15` affected `6.12.63 - < 6.12.64`
Linux	Linux	affected `6.14` unaffected `0 - < 6.14` unaffected `6.12.64 - <= 6.12.` unaffected `6.16.8 - <= 6.16.` unaffected `6.17 - <= *`

References

https://git.kernel.org/stable/c/9433ba79c2ec3ec7c9a711748701549339c3438c

https://git.kernel.org/stable/c/68a6729afd3e8e9a2a32538642ce92b96ccf9b1d

https://git.kernel.org/stable/c/847748fc66d08a89135a74e29362a66ba4e3ab15

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-39872

Description

Affected Products

References