CVE-2025-39925 — Improper Update of Reference Count in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 1
Latest updateOct 14
Description
In the Linux kernel, the following vulnerability has been resolved:
can: j1939: implement NETDEV_UNREGISTER notification handler
syzbot is reporting
unregister_netdevice: waiting for vcan0 to become free. Usage count = 2
problem, for j1939 protocol did not have NETDEV_UNREGISTER notification
handler for undoing changes made by j1939_sk_bind().
Commit 25fe97cb7620 ("can: j1939: move j1939_priv_put() into sk_destruct
callback") expects that a call to j1939_priv_put() can be unconditionally
de…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages9 packages
▶CVEListV5linux/linux9d71dd0c70099914fcd063135da3c580865e924c — da9e8f429139928570407e8f90559b5d46c20262+2
Patches
🔴Vulnerability Details
2OSV▶
CVE-2025-39925: In the Linux kernel, the following vulnerability has been resolved: can: j1939: implement NETDEV_UNREGISTER notification handler syzbot is reporting u↗2025-10-01
GHSA▶
GHSA-g35j-5v93-p28m: In the Linux kernel, the following vulnerability has been resolved:
can: j1939: implement NETDEV_UNREGISTER notification handler
syzbot is reporting↗2025-10-01
📋Vendor Advisories
4Debian▶
CVE-2025-39925: linux - In the Linux kernel, the following vulnerability has been resolved: can: j1939:...↗2025
Microsoft▶
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file↗2021-11-09