PT-2025-37247 · Linux+5 · Linux Kernel+5

Published

2025-07-14

·

Updated

2026-04-20

·

CVE-2025-39790

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A flaw exists in the Linux kernel where the host may access stale data in the event ring due to a device updating the events ring pointer before updating the event contents. This can lead to a double-free condition if the host uses the channel's xfer cb() function to directly free the buffer pointed to by the Transaction Release Element (TRE). This issue was observed on an endpoint (EP) using an upstream EP stack. The commit 6f18d174b73d addresses this by ensuring transactions where the event points to a TRE that isn't local rp + 1 are chained.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Weakness Enumeration

CWE-415

Related Identifiers

BDU:2025-15690
CVE-2025-39790
DLA-4328-1
DSA-6008-1
DSA-6009-1
ECHO-EC45-1CCA-6DF2
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03615-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:3761-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu