CVE-2025-39872

UNKNOWN 0.0

hsr: hold rcu and dev lock for hsr_get_port_ndev

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: hsr: hold rcu and dev lock for hsr_get_port_ndev hsr_get_port_ndev calls hsr_for_each_port, which need to hold rcu lock. On the other hand, before return the port device, we need to hold the device reference to avoid UaF in the caller function.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Sep 23, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

ef964411c8ca775967355d855abc56aeaca3c867 < 9433ba79c2ec3ec7c9a711748701549339c3438c 9c10dd8eed74de9e8adeb820939f8745cd566d4a < 68a6729afd3e8e9a2a32538642ce92b96ccf9b1d 9c10dd8eed74de9e8adeb820939f8745cd566d4a < 847748fc66d08a89135a74e29362a66ba4e3ab15

Linux / Linux

6.14

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/9433ba79c2ec3ec7c9a711748701549339c3438c git.kernel.org: https://git.kernel.org/stable/c/68a6729afd3e8e9a2a32538642ce92b96ccf9b1d git.kernel.org: https://git.kernel.org/stable/c/847748fc66d08a89135a74e29362a66ba4e3ab15