CVE-2025-39873
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-39873
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39873.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39873
- Downstream
- Related
- Published
- 2025-09-23T06:00:46.157Z
- Modified
- 2025-11-28T02:33:50.644396Z
- Summary
- can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
can: xilinxcan: xcanwrite_frame(): fix use-after-free of transmitted SKB
canputecho_skb() takes ownership of the SKB and it may be freed during or after the call.
However, xilinxcan xcanwrite_frame() keeps using SKB after the call.
Fix that by only calling canputecho_skb() after the code is done touching the SKB.
The txlock is held for the entire xcanwriteframe() execution and also on the cangetechoskb() side so the order of operations does not matter.
An earlier fix commit 3d3c817c3a40 ("can: xilinxcan: Fix usage of skb memory") did not move the canputechoskb() call far enough.
[mkl: add "commit" in front of sha1 in patch description] [mkl: fix indention]
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39873.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1139321161a3ba5e45e61e0738b37f42f20bc57a
- https://git.kernel.org/stable/c/668cc1e3bb21101d074e430de1b7ba8fd10189e7
- https://git.kernel.org/stable/c/725b33deebd6e4c96fe7893f384510a54258f28f
- https://git.kernel.org/stable/c/94b050726288a56a6b8ff55aa641f2fedbd3b44c
- https://git.kernel.org/stable/c/e202ffd9e54538ef67ec301ebd6d9da4823466c9
- https://git.kernel.org/stable/c/ef79f00be72bd81d2e1e6f060d83cf7e425deee4
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39873.json
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-39873
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1598efe57b3e768056e4ca56cb9cf33111e68d1cFixede202ffd9e54538ef67ec301ebd6d9da4823466c9Fixed1139321161a3ba5e45e61e0738b37f42f20bc57aFixed94b050726288a56a6b8ff55aa641f2fedbd3b44cFixed725b33deebd6e4c96fe7893f384510a54258f28fFixed668cc1e3bb21101d074e430de1b7ba8fd10189e7Fixedef79f00be72bd81d2e1e6f060d83cf7e425deee4