CVE-2025-39871

EPSS 0.02%
Veröffentlicht 23.09.2025 06:15:46
Zuletzt bearbeitet 24.09.2025 18:11:24
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Remove improper idxd_free

The call to idxd_free() introduces a duplicate put_device() leading to a
reference count underflow:
refcount_t: underflow; use-after-free.
WARNING: CPU: 15 PID: 4428 at lib/refcount.c:28 refcount_warn_saturate+0xbe/0x110
...
Call Trace:
 <TASK>
  idxd_remove+0xe4/0x120 [idxd]
  pci_device_remove+0x3f/0xb0
  device_release_driver_internal+0x197/0x200
  driver_detach+0x48/0x90
  bus_remove_driver+0x74/0xf0
  pci_unregister_driver+0x2e/0xb0
  idxd_exit_module+0x34/0x7a0 [idxd]
  __do_sys_delete_module.constprop.0+0x183/0x280
  do_syscall_64+0x54/0xd70
  entry_SYSCALL_64_after_hwframe+0x76/0x7e

The idxd_unregister_devices() which is invoked at the very beginning of
idxd_remove(), already takes care of the necessary put_device() through the
following call path:
idxd_unregister_devices() -> device_unregister() -> put_device()

In addition, when CONFIG_DEBUG_KOBJECT_RELEASE is enabled, put_device() may
trigger asynchronous cleanup via schedule_delayed_work(). If idxd_free() is
called immediately after, it can result in a use-after-free.

Remove the improper idxd_free() to avoid both the refcount underflow and
potential memory corruption during module unload.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 0e95ee7f532b21206fe3f1c4054002b0d21e3b9c

Version d2d05fd0fc95c4defed6f7b87550e20e8baa1d97

Status affected

Version < dd7a7e43269711d757fc260b0bbdf7138f75de11

Version 21f9f5cd9a0c75084d4369ba0b8c4f695c41dea7

Status affected

Version < da4fbc1488a4cec6748da685181ee4449a878dac

Version d5449ff1b04dfe9ed8e455769aa01e4c2ccf6805

Status affected

Version < f41c538881eec4dcf5961a242097d447f848cda6

Version d5449ff1b04dfe9ed8e455769aa01e4c2ccf6805

Status affected

Version 68ac5a01f635b3791196fd1c39bc48497252c36f

Status affected

Version 2b7a961cea0e5b65afda911f76d14fec5c98d024

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.15

Status affected

Version < 6.15

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.107

Status unaffected

Version <= 6.12.*

Version 6.12.48

Status unaffected

Version <= 6.16.*

Version 6.16.8

Status unaffected

Version <= *

Version 6.17

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.048

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/0e95ee7f532b21206fe3f1c4054002b0d21e3b9c

https://git.kernel.org/stable/c/da4fbc1488a4cec6748da685181ee4449a878dac

https://git.kernel.org/stable/c/dd7a7e43269711d757fc260b0bbdf7138f75de11

https://git.kernel.org/stable/c/f41c538881eec4dcf5961a242097d447f848cda6

https://nvd.nist.gov/vuln/detail/CVE-2025-39871

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39871

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39871

EUVD