CVE-2025-21715Use After Free in Linux

CWE-416Use After Free107 documents8 sources
Severity
7.8HIGHNVD
OSV8.8OSV7.1OSV5.9OSV5.5
EPSS
0.0%
top 92.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedFeb 27
Latest updateJan 29

Description

In the Linux kernel, the following vulnerability has been resolved: net: davicom: fix UAF in dm9000_drv_remove dm is netdev private data and it cannot be used after free_netdev() call. Using dm after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function. This is similar to the issue fixed in commit ad297cd2db89 ("net: qcom/emac: fix UAF in emac_remove"). This bug is detected by our static analysis tool.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

NVDlinux/linux_kernel4.4.2624.5+10
Debianlinux/linux_kernel< 5.10.237-1+3
Ubuntulinux/linux_kernel< 5.4.0-216.236+4
CVEListV5linux/linuxd28e783c20033b90a64d4e1307bafb56085d8184db79e982c5f9e39ab710cbce55b05f2f5e6f1ca9+13
debiandebian/linux< linux 6.1.129-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

52
OSV
linux-azure-fips vulnerabilities2025-12-16
OSV
linux-fips vulnerabilities2025-12-15
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2025-12-15
OSV
linux-azure, linux-azure-4.15, linux-oracle, vulnerabilities2025-12-12
OSV
linux-gcp, linux-gcp-4.15, linux-hwe vulnerabilities2025-12-04

📋Vendor Advisories

53
Ubuntu
Kernel Live Patch Security Notice2026-01-29
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2025-12-16
Ubuntu
Linux kernel vulnerabilities2025-12-15
Ubuntu
Linux kernel (FIPS) vulnerabilities2025-12-15
Ubuntu
Linux kernel kernel vulnerabilities2025-12-12

📄Research Papers

1
arXiv
KNighter: Transforming Static Analysis with LLM-Synthesized Checkers2025-09-03