CVE-2025-21715
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-21715
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21715.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-21715
- Downstream
- Related
- Published
- 2025-02-27T02:07:26.174Z
- Modified
- 2025-11-28T02:34:41.374421Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- net: davicom: fix UAF in dm9000_drv_remove
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: davicom: fix UAF in dm9000drvremove
dm is netdev private data and it cannot be used after freenetdev() call. Using dm after freenetdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function.
This is similar to the issue fixed in commit ad297cd2db89 ("net: qcom/emac: fix UAF in emac_remove").
This bug is detected by our static analysis tool.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21715.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/19e65c45a1507a1a2926649d2db3583ed9d55fd9
- https://git.kernel.org/stable/c/2013c95df6752d9c88221d0f0f37b6f197969390
- https://git.kernel.org/stable/c/5a54367a7c2378c65aaa4d3cfd952f26adef7aa7
- https://git.kernel.org/stable/c/7d7d201eb3b766abe590ac0dda7a508b7db3e357
- https://git.kernel.org/stable/c/a53cb72043443ac787ec0b5fa17bb3f8ff3d462b
- https://git.kernel.org/stable/c/c411f9a5fdc9158e8f7c57eac961d3df3eb4d8ca
- https://git.kernel.org/stable/c/c94ab07edc2843e2f3d46dbd82e5c681503aaadf
- https://git.kernel.org/stable/c/db79e982c5f9e39ab710cbce55b05f2f5e6f1ca9
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21715.json
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-21715
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd28e783c20033b90a64d4e1307bafb56085d8184Fixeddb79e982c5f9e39ab710cbce55b05f2f5e6f1ca9
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4fd0654b8f2129b68203974ddee15f804ec011c2Fixeda53cb72043443ac787ec0b5fa17bb3f8ff3d462b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedcf9e60aa69ae6c40d3e3e4c94dd6c8de31674e9bFixed7d7d201eb3b766abe590ac0dda7a508b7db3e357Fixedc94ab07edc2843e2f3d46dbd82e5c681503aaadfFixedc411f9a5fdc9158e8f7c57eac961d3df3eb4d8caFixed5a54367a7c2378c65aaa4d3cfd952f26adef7aa7Fixed2013c95df6752d9c88221d0f0f37b6f197969390Fixed19e65c45a1507a1a2926649d2db3583ed9d55fd9
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedd182994b2b6e23778b146a230efac8f1d77a3445Last affected427b3fc3d5244fef9c1f910a9c699f2690642f83Last affected9c49181c201d434186ca6b1a7b52e29f4169f6f8Last affected9808f032c4d971cbf2b01411a0a2a8ee0040efe3Last affecteda1f308089257616cdb91b4334c5eaa81ae17e387
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.4.291
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.235
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.179
- Type
- ECOSYSTEM
- Events
-
Introduced5.12.0Fixed6.1.129
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.6.76
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.12.13
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.13.2