PT-2025-38570 · Brcmfmac+5

Published: 2025-04-16 · Updated: 2026-05-07 · CVE-2025-39863

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains a use-after-free vulnerability in the brcmfmac module, in the handling of the brcmf_btcoex_info workqueue. Specifically, brcmf_btcoex_detach() may fail to shut down the btcoex timer properly, leaving a race condition in which brcmf_btcoex_timerfunc() can reschedule the work after the memory has been freed. This can occur in two scenarios: when the brcmf_btcoex_info struct is freed before the worker is scheduled, or when it is freed after the worker has been scheduled but before or during its execution. The root cause is a missing call to timer_shutdown_sync() under certain conditions, which allows the timer to keep running and potentially access freed memory.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Use After Free

Related Identifiers

AZL-67563
AZL-72349
BDU:2025-13447
CVE-2025-39863
DSA-6008-1
ECHO-75E1-88D8-3C53
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03614-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Suse
Ubuntu
Brcmfmac