CVE-2025-39925

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel has an issue where the j1939 protocol lacked a NETDEV UNREGISTER notification handler, leading to problems when unregistering network devices. Specifically, the j1939 sk bind() function holds an extra reference on a struct j1939 priv, and this reference was not being released promptly upon NETDEV UNREGISTER notification. This prevented the struct net device usage count from reaching zero, blocking the unregister netdevice() function. The issue arises because a call to j1939 priv put() was unconditionally delayed until j1939 sk sock destruct(), but it needed to be called immediately when the NETDEV UNREGISTER notification fired.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404CWE-911

Related Identifiers

ALSA-2025:22854

ALSA-2025:22865

BDU:2026-03273

CVE-2025-39925

ECHO-AF2B-C0E4-7404

OESA-2026-1228

OESA-2026-1229

OESA-2026-1230

OPENSUSE-SU-2025:20081-1

RHSA-2025:22865

RHSA-2026:0173

RHSA-2026:0271

RHSA-2026:0534

RHSA-2026:0535

RHSA-2026:0537

RHSA-2026:0576

SUSE-SU-2025:03600-1

SUSE-SU-2025:03634-1

SUSE-SU-2025:20851-1

SUSE-SU-2025:20861-1

SUSE-SU-2025:20870-1

SUSE-SU-2025:20898-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2025:3751-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4141-1

Affected Products

Almalinux

Debian

Linux Kernel

Red Hat

Rocky Linux

Suse

CVE-2025-39925

Weakness Enumeration

Related Identifiers

Affected Products

References · 2162