Description

In the Linux kernel, the following vulnerability has been resolved: hsr: hold rcu and dev lock for hsr_get_port_ndev hsr_get_port_ndev calls hsr_for_each_port, which need to hold rcu lock. On the other hand, before return the port device, we need to hold the device reference to avoid UaF in the caller function.

INFO

Published Date :

2025-09-23T06:00:45.528Z

Last Modified :

2026-01-08T09:50:16.213Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-39872 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-39872.

URL Resource
https://git.kernel.org/stable/c/68a6729afd3e8e9a2a32538642ce92b96ccf9b1d cve-icon cve-icon
https://git.kernel.org/stable/c/847748fc66d08a89135a74e29362a66ba4e3ab15 cve-icon cve-icon
https://git.kernel.org/stable/c/9433ba79c2ec3ec7c9a711748701549339c3438c cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025092300-CVE-2025-39872-5102@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-39872 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-39872 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact