PT-2025-40641 · Linux+6 · Linux Kernel+6
Published: 2025-09-18 · Updated: 2026-05-07
CVE-2025-39945
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The Linux kernel contains a flaw in the cnic module, specifically in the cnic_delete_task() function, that can lead to a use-after-free condition. The issue arises from the use of cancel_delayed_work(), which does not guarantee that the delayed work item has completed before the associated cnic_dev is deallocated. This is exacerbated by the cyclic nature of the delayed work item and the limitations of flush_workqueue(). A race condition can occur where cnic_dev is freed while delete_task is still active, leading to a dereference of freed memory. The problem was identified through static analysis and reproduced in a QEMU simulation by introducing delays within the cnic_delete_task() function.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
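The race from the Description, replayed as an added userspace model in C (not kernel code and not taken from this advisory): the delayed callback is already running when teardown cancels it and frees the device. The comparison with cancel_delayed_work_sync() rests on the general kernel workqueue API and is an assumption here, since the advisory names no fix; struct model and all helper names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: one cyclic delayed work item owned by one device. */
struct model {
    bool dev_alive;  /* cnic_dev has not been freed yet */
    bool pending;    /* timer armed, callback not started */
    bool running;    /* callback executing on a worker */
    bool canceling;  /* set by the _sync variant to block re-arming */
    int  uaf;        /* times the callback touched a freed device */
};

/* Callback completes: it dereferences the device, then re-arms itself. */
static void worker_finish(struct model *m) {
    if (!m->running) return;
    if (!m->dev_alive) m->uaf++;           /* dereference of freed memory */
    m->running = false;
    if (!m->canceling) m->pending = true;  /* cyclic work queues itself again */
}

/* Timer expiry: pending work starts running. */
static void timer_fire(struct model *m) {
    if (m->pending) { m->pending = false; m->running = true; }
}

/* cancel_delayed_work(): drops a pending timer, never waits for the callback. */
static void cancel_nosync(struct model *m) { m->pending = false; }

/* cancel_delayed_work_sync(): blocks re-arming and waits for the callback. */
static void cancel_sync(struct model *m) {
    m->canceling = true;
    m->pending = false;
    worker_finish(m);  /* the wait: callback ends while the device is alive */
}

/* Teardown with the callback already running; returns the UAF count. */
int teardown(bool use_sync) {
    struct model m = { .dev_alive = true, .pending = true };
    timer_fire(&m);                     /* callback starts (the delayed window) */
    if (use_sync) cancel_sync(&m); else cancel_nosync(&m);
    m.dev_alive = false;                /* device is freed */
    worker_finish(&m);                  /* late completion, if still running */
    timer_fire(&m); worker_finish(&m);  /* one re-armed cycle, if any */
    return m.uaf;
}

int main(void) {
    printf("nosync=%d sync=%d\n", teardown(false), teardown(true));
    return 0;
}
```

In the model the non-waiting cancel yields two stale accesses: the in-flight callback and the cycle it re-armed after the free.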
Exploit
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Linuxmint
Linux Kernel
Qemu
Suse
Ubuntu
Cnic