CVE-2025-39951

When registervirtiodevice() fails in virtioumlprobe(), the code sets vu_dev->registered = 1 even though the device was not successfully registered. This can lead to use-after-free or other issues.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39951.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

04e5b1fb01834a602acaae2276b67a783a8c6159

Fixed

14c231959a16ca41bfdcaede72483362a8c645d7

Fixed

5e94e44c9cb30d7a383d8ac227f24a8c9326b770

Fixed

aaf900a83508c8cd5cdf765e7749f9076196ec7f

Fixed

4f364023ddcfe83f7073b973a9cb98584b7f2a46

Fixed

00e98b5a69034b251bb36dc6e7123d7648e218e4

Fixed

c2ff91255e0157b356cff115d8dc3eeb5162edf2

Fixed

7ebf70cf181651fe3f2e44e95e7e5073d594c9c0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39951.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.245

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.194

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.154

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.108

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.49

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.16.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39951.json"