CVE-2025-39859

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free issue within the ptp ocp watchdog function. The ptp ocp detach() function only shuts down the watchdog timer if it is pending. If the timer handler is already running, timer delete sync() is not called, leading to a race condition where the device link containing the ptp ocp is deallocated while the timer handler is still accessing it. This results in a use-after-free condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

AZL-67569

BDU:2025-13685

CVE-2025-39859

ECHO-0715-D1D1-1984

OPENSUSE-SU-2025:20172-1

SUSE-SU-2025:4393-1

SUSE-SU-2025:4422-1

SUSE-SU-2025:4505-1

SUSE-SU-2025:4516-1

SUSE-SU-2025:4517-1

SUSE-SU-2025:4521-1

SUSE-SU-2026:20012-1

SUSE-SU-2026:20015-1

SUSE-SU-2026:20021-1

SUSE-SU-2026:20039-1

SUSE-SU-2026:20059-1

SUSE-SU-2026:20473-1

SUSE-SU-2026:20496-1

Affected Products

Astra Linux

Debian

Linux Kernel

CVE-2025-39859

Weakness Enumeration

Related Identifiers

Affected Products

References · 307