CVE-2025-39993 — Use After Free in Linux

CWE-416 — Use After Free71 documents7 sources

Severity

7.8HIGHOSV

OSV7.1OSV5.5OSV3.2

No vector

EPSS

0.1%

top 74.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +2 more

Timeline

PublishedOct 15

Latest updateFeb 12

Description

In the Linux kernel, the following vulnerability has been resolved: media: rc: fix races with imon_disconnect() Syzbot reports a KASAN issue as below: BUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline] BUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627 Read of size 4 at addr ffff8880256fb000 by task syz-executor314/4465 CPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0 Hardware name: QEMU Standard PC (Q35 + ICH9…

Affected Packages7 packages

▶Linuxlinux/linux_kernel2.6.35 — 5.4.301+7

▶Debianlinux/linux_kernel< 5.10.247-1+3

▶Ubuntulinux/linux_kernel< 5.15.0-164.174+4

▶msrcmsrc/azl3_kernel_6.6.96.2-2_on_azure_linux_3.0

▶CVEListV5linux/linux21677cfc562a27e099719d413287bc8d1d24deb7 — 9348976003e39754af344949579e824a0a210fc4+9

🔴Vulnerability Details

OSV

linux-azure, linux-azure-fips vulnerabilities↗2026-02-12

▶

OSV

linux-gcp-fips vulnerabilities↗2026-02-11

▶

OSV

linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15 vulnerabilities↗2026-02-05

▶

OSV

linux-fips vulnerabilities↗2026-01-29

▶

OSV

linux-aws-fips, linux-fips vulnerabilities↗2026-01-29

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-02-12

▶

Ubuntu

Linux kernel (GCP FIPS) vulnerabilities↗2026-02-11

▶

Ubuntu

Linux kernel vulnerabilities↗2026-02-05

▶

Ubuntu

Linux kernel (FIPS) vulnerabilities↗2026-01-29

▶

Ubuntu

Linux kernel (FIPS) vulnerabilities↗2026-01-29

▶