CVE-2025-39966

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contained a use-after-free issue within the iommufd subsystem, specifically during the abort process for file descriptors. The problem stemmed from the asynchronous nature of fput(), which doesn't immediately call the file's release operation. This delay created a race condition where an iommufd object could be freed prematurely while the file structure still held a reference to it, leading to a use-after-free condition when the workqueue completed the fput() operation. The issue was triggered when allocation of a new object aborted before the file was fully installed. The vulnerability was identified through KASAN reports during testing.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.