CVE-2025-39873: Use After Free in Linux

CWE-416: Use After Free (27 documents, 8 sources)
Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 96.82%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 23; Latest update Apr 13

Description

In the Linux kernel, the following vulnerability has been resolved:

can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB

can_put_echo_skb() takes ownership of the SKB and it may be freed during or after the call. However, xilinx_can xcan_write_frame() keeps using SKB after the call.

Fix that by only calling can_put_echo_skb() after the code is done touching the SKB.

The tx_lock is held for the entire xcan_write_frame() execution and also on the can_get_echo_skb() side

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

NVD: linux/linux_kernel 4.19 5.15.194 +5
Debian: linux/linux_kernel < 6.1.153-1 +2
CVEListV5: linux/linux 1598efe57b3e768056e4ca56cb9cf33111e68d1c e202ffd9e54538ef67ec301ebd6d9da4823466c9 +6

Also affects: Debian Linux 11.0

Patches

Vulnerability Details (3)

OSV: CVE-2025-39873: In the Linux kernel, the following vulnerability has been resolved: can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB can_put (2025-09-23)
CVEList: can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (2025-09-23)
GHSA: GHSA-9mp7-jx47-xv3h: In the Linux kernel, the following vulnerability has been resolved: can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB can_p (2025-09-23)

Vendor Advisories (23)

Ubuntu: Linux kernel (Azure) vulnerabilities (2026-04-13)
Ubuntu: Linux kernel (Azure FIPS) vulnerabilities (2026-04-09)
Ubuntu: Linux kernel (Azure FIPS) vulnerabilities (2026-04-09)
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2026-04-01)
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2026-04-01)