Vulnerabilities

CVE-2025-39872

by Fred · 23/09/2025

In the Linux kernel, the following vulnerability has been resolved:

hsr: hold rcu and dev lock for hsr_get_port_ndev

hsr_get_port_ndev calls hsr_for_each_port, which need to hold rcu lock.
On the other hand, before return the port device, we need to hold the
device reference to avoid UaF in the caller function.

More information : https://git.kernel.org/stable/c/68a6729afd3e8e9a2a32538642ce92b96ccf9b1d

Similar

Tags: Cybersecurity Alert