PT-2025-37978 · Linux+2 · Linux Kernel+2

Published: 2025-01-01 · Updated: 2026-05-26 · CVE-2025-39833

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.17.0-rc2-g6f713187ac98

Description

The Linux kernel contains a flaw within the hfcpci module related to timer management. Specifically, unloading the module with CONFIG_DEBUG_OBJECTS_TIMERS enabled can lead to a kernel warning and assertion failure due to the deletion of an uninitialized timer. This issue arises from the improper initialization of the hfc_tl timer and manual timeout updates instead of using mod_timer.

Recommendations

Linux kernel versions prior to 6.17.0-rc2-g6f713187ac98: Update to version 6.17.0-rc2-g6f713187ac98 or a later version that includes the fix.

Exploit

Fix

Assertion Failure

Improper Initialization

Use of Uninitialized Resource

Weakness Enumeration

Related Identifiers

AZL-67416
AZL-71260
BDU:2026-03276
CVE-2025-39833
ECHO-E36A-25DC-F5B7
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03614-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1

Affected Products

Debian
Linux Kernel
Suse