PT-2025-38573 · Linux+4 · Linux Kernel+4

Published

2025-04-16

·

Updated

2026-05-07

·

CVE-2025-39866

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.56-gb4403bd46a8e #1
Description The Linux kernel contains a use-after-free issue in the mark inode dirty() function related to file system writeback. This occurs when the function accesses a block device writeback (bdi writeback) that is in the process of switching, leading to a potential crash. The root cause is a race condition where wb wakeup delayed() accesses the writeback structure after it has been released.
Recommendations Update the Linux kernel to version 6.6.56-gb4403bd46a8e #1 or later.

Exploit

Fix

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

AZL-67578
AZL-75119
BDU:2025-13687
CVE-2025-39866
DLA-4328-1
DLA-4404-1
DSA-6008-1
DSA-6009-1
ECHO-FE13-0D2A-AE78
INFESA-2025_0006
OESA-2025-2406
OESA-2025-2407
OESA-2025-2408
OPENSUSE-SU-2025:20091-1
SUSE-SU-2025:21040-1
SUSE-SU-2025:21052-1
SUSE-SU-2025:21056-1
SUSE-SU-2025:21064-1
SUSE-SU-2025:21080-1
SUSE-SU-2025:21147-1
SUSE-SU-2025:21180-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4128-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4140-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4189-1
SUSE-SU-2025:4301-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Suse
Ubuntu