PT-2025-40640 · Linux+5 · Linux Kernel+5

Published

2025-09-18

·

Updated

2026-05-07

·

CVE-2025-39944

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contained use-after-free bugs within the otx2 sync tstamp() function in the octeontx2-pf module. The original code used cancel delayed work(), which did not guarantee completion of the synctstamp work item before deallocation of the otx2 ptp memory. This resulted in a use-after-free scenario where otx2 sync tstamp() attempted to dereference the deallocated otx2 ptp. The issue was identified through static analysis and reproduced in a QEMU simulation of the OcteonTX2 PCI device by introducing delays within the otx2 sync tstamp() function. A KASAN report confirmed the slab-use-after-free condition. The fix involves replacing cancel delayed work() with cancel delayed work sync() to ensure proper cancellation of the delayed work item before deallocation.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2026-02674
CVE-2025-39944
DLA-4379-1
DSA-6053-1
ECHO-E566-4949-7FC6
MGASA-2025-0309
MGASA-2025-0310
OPENSUSE-SU-2025:20172-1
SUSE-SU-2025:4393-1
SUSE-SU-2025:4422-1
SUSE-SU-2025:4505-1
SUSE-SU-2025:4516-1
SUSE-SU-2025:4517-1
SUSE-SU-2025:4521-1
SUSE-SU-2026:20012-1
SUSE-SU-2026:20015-1
SUSE-SU-2026:20021-1
SUSE-SU-2026:20039-1
SUSE-SU-2026:20059-1
SUSE-SU-2026:20473-1
SUSE-SU-2026:20496-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Octeontx2 Pci
Qemu
Ubuntu