Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67569.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-67569
Upstream
Published
2025-09-19T16:15:44Z
Modified
2026-04-01T05:21:14.450670Z
Summary
CVE-2025-39859 affecting package kernel 6.6.126.1-1
Details

In the Linux kernel, the following vulnerability has been resolved:

ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog

The ptp_ocp_detach() only shuts down the watchdog timer if it is pending. However, if the timer handler is already running, the timer_delete_sync() is not called. This leads to race conditions where the devlink that contains the ptp_ocp is deallocated while the timer handler is still accessing it, resulting in use-after-free bugs. The following details one of the race scenarios.

(thread 1)                             | (thread 2)
ptp_ocp_remove()                       |
  ptp_ocp_detach()                     | ptp_ocp_watchdog()
    if (timer_pending(&bp->watchdog))  |   bp = timer_container_of()
      timer_delete_sync()              |
                                       |
  devlink_free(devlink) //free         |
                                       |   bp-> //use

Resolve this by unconditionally calling timer_delete_sync() to ensure the timer is reliably deactivated, preventing any access after free.

References

Affected packages

Azure Linux:3 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
6.6.126.1-1

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67569.json"