CVE-2025-39872
- Source
- https://cve.org/CVERecord?id=CVE-2025-39872
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39872.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39872
- Downstream
- Published
- 2025-09-23T06:00:45.528Z
- Modified
- 2026-05-15T11:53:25.476245478Z
- Summary
- hsr: hold rcu and dev lock for hsr_get_port_ndev
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
hsr: hold rcu and dev lock for hsrgetport_ndev
hsrgetportndev calls hsrforeachport, which need to hold rcu lock. On the other hand, before return the port device, we need to hold the device reference to avoid UaF in the caller function.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39872.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/68a6729afd3e8e9a2a32538642ce92b96ccf9b1d
- https://git.kernel.org/stable/c/847748fc66d08a89135a74e29362a66ba4e3ab15
- https://git.kernel.org/stable/c/9433ba79c2ec3ec7c9a711748701549339c3438c
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39872.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-39872
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git