Description

In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog The ptp_ocp_detach() only shuts down the watchdog timer if it is pending. However, if the timer handler is already running, the timer_delete_sync() is not called. This leads to race conditions where the devlink that contains the ptp_ocp is deallocated while the timer handler is still accessing it, resulting in use-after-free bugs. The following details one of the race scenarios. (thread 1) | (thread 2) ptp_ocp_remove() | ptp_ocp_detach() | ptp_ocp_watchdog() if (timer_pending(&bp->watchdog))| bp = timer_container_of() timer_delete_sync() | | devlink_free(devlink) //free | | bp-> //use Resolve this by unconditionally calling timer_delete_sync() to ensure the timer is reliably deactivated, preventing any access after free.

INFO

Published Date :

2025-09-19T15:26:29.717Z

Last Modified :

2026-01-14T19:23:13.413Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-39859 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-39859.

URL Resource
https://git.kernel.org/stable/c/8bf935cf789872350b04c1a6468b0a509f67afb2 cve-icon cve-icon
https://git.kernel.org/stable/c/f10d3c7267ac7387a5129d5506c3c5f2460cfd9b cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025091905-CVE-2025-39859-52d5@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-39859 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-39859 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact