CVE-2025-39872

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel related to resource handling within the hsr subsystem. Specifically, the hsr get port ndev function does not properly manage locks, potentially leading to a use-after-free condition. The function calls hsr for each port, which requires a read-copy-update (RCU) lock, and attempts to hold a device lock before returning the port device. This improper lock management could create a vulnerability in the caller function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.