PT-2025-39139 · Linux+2 · Linux Kernel+2

Published

2025-08-29

Updated

2025-11-25

CVE-2025-39882

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s drm/mediatek component related to device tree node handling. Specifically, the for each child of node() helper function incorrectly manages reference counts for device tree nodes. An unnecessary decrement in the reference count during iteration could lead to a use-after-free condition. This occurs because the helper function releases the reference to each node as it iterates, and an additional, incorrect decrement was introduced.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-13898

CVE-2025-39882

MGASA-2025-0309

MGASA-2025-0310

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:03600-1

SUSE-SU-2025:03634-1

SUSE-SU-2025:20851-1

SUSE-SU-2025:20861-1

SUSE-SU-2025:20870-1

SUSE-SU-2025:20898-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2025:3751-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4141-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2025-39139 · Linux+2 · Linux Kernel+2

CVE-2025-39882

Weakness Enumeration

Related Identifiers

Affected Products

References · 2129