-
CVE-2025-39783
- EPSS 0.03%
- Veröffentlicht 11.09.2025 16:56:33
- Zuletzt bearbeitet 15.09.2025 15:22:38
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix configfs group list head handling Doing a list_del() on the epf_group field of struct pci_epf_driver in pci_epf_remove_cfs() is not correct as this field is a list head, not a list entry. This list_del() call triggers a KASAN warning when an endpoint function driver which has a configfs attribute group is torn down: ================================================================== BUG: KASAN: slab-use-after-free in pci_epf_remove_cfs+0x17c/0x198 Write of size 8 at addr ffff00010f4a0d80 by task rmmod/319 CPU: 3 UID: 0 PID: 319 Comm: rmmod Not tainted 6.16.0-rc2 #1 NONE Hardware name: Radxa ROCK 5B (DT) Call trace: show_stack+0x2c/0x84 (C) dump_stack_lvl+0x70/0x98 print_report+0x17c/0x538 kasan_report+0xb8/0x190 __asan_report_store8_noabort+0x20/0x2c pci_epf_remove_cfs+0x17c/0x198 pci_epf_unregister_driver+0x18/0x30 nvmet_pci_epf_cleanup_module+0x24/0x30 [nvmet_pci_epf] __arm64_sys_delete_module+0x264/0x424 invoke_syscall+0x70/0x260 el0_svc_common.constprop.0+0xac/0x230 do_el0_svc+0x40/0x58 el0_svc+0x48/0xdc el0t_64_sync_handler+0x10c/0x138 el0t_64_sync+0x198/0x19c ... Remove this incorrect list_del() call from pci_epf_remove_cfs().
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
80ea6e6904fb2ba4ccb5d909579988466ec65358
Version
ef1433f717a2c63747a519d86965d73ff9bd08b3
Status
affected
Version <
d5aecddc3452371d9da82cdbb0c715812524b54b
Version
ef1433f717a2c63747a519d86965d73ff9bd08b3
Status
affected
Version <
dc4ffbd571716ff3b171418fb03abe80e720a7b1
Version
ef1433f717a2c63747a519d86965d73ff9bd08b3
Status
affected
Version <
409af8b9f7b4f23cd0464e71c6cd6fe13c076ae2
Version
ef1433f717a2c63747a519d86965d73ff9bd08b3
Status
affected
Version <
0758862386f114d9ab1e23181461bd1e2e9ec4c6
Version
ef1433f717a2c63747a519d86965d73ff9bd08b3
Status
affected
Version <
6cf65505523224cab1449d726d2ce8180c2941ee
Version
ef1433f717a2c63747a519d86965d73ff9bd08b3
Status
affected
Version <
a302bd89db35d8b7e279de4d2b41c16c7f191069
Version
ef1433f717a2c63747a519d86965d73ff9bd08b3
Status
affected
Version <
d79123d79a8154b4318529b7b2ff7e15806f480b
Version
ef1433f717a2c63747a519d86965d73ff9bd08b3
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
4.18
Status
affected
Version <
4.18
Version
0
Status
unaffected
Version <=
5.4.*
Version
5.4.297
Status
unaffected
Version <=
5.10.*
Version
5.10.241
Status
unaffected
Version <=
5.15.*
Version
5.15.190
Status
unaffected
Version <=
6.1.*
Version
6.1.149
Status
unaffected
Version <=
6.6.*
Version
6.6.103
Status
unaffected
Version <=
6.12.*
Version
6.12.44
Status
unaffected
Version <=
6.16.*
Version
6.16.4
Status
unaffected
Version <=
*
Version
6.17-rc1
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.077 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|