CVE-2025-39872

Summary

In the Linux kernel, the following vulnerability has been resolved:

hsr: hold rcu and dev lock for hsr_get_port_ndev

hsr_get_port_ndev calls hsr_for_each_port, which need to hold rcu lock. On the other hand, before return the port device, we need to hold the device reference to avoid UaF in the caller function.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxef964411c8ca775967355d855abc56aeaca3c867 < 9433ba79c2ec3ec7c9a711748701549339c3438caffected
LinuxLinux9c10dd8eed74de9e8adeb820939f8745cd566d4a < 68a6729afd3e8e9a2a32538642ce92b96ccf9b1daffected
LinuxLinux9c10dd8eed74de9e8adeb820939f8745cd566d4a < 847748fc66d08a89135a74e29362a66ba4e3ab15affected
LinuxLinux6.12.63 < 6.12.64affected
LinuxLinux6.14affected
LinuxLinux0 < 6.14unaffected
LinuxLinux6.12.64 <= 6.12.*unaffected
LinuxLinux6.16.8 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

References