PT-2025-42267 · Linux+5 · Linux Kernel+5
Published: 2025-10-15 · Updated: 2026-05-26 · CVE-2025-39993
CVSS v2.0: 4.3 (Medium)
Vector: AV:A/AC:H/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.0.0-rc1-syzkaller
Description
The iMON driver does not properly manage USB device references during disconnection, leading to a potential use-after-free condition. Specifically, the usb_device reference count is decremented unconditionally in imon_disconnect without considering active users of the device. This can occur if operations like vfd_write are in progress when the device is disconnected, resulting in a use-after-free of the usb_device pointer. The issue arises because the fields usbdev_intf0 and usbdev_intf1 are not protected by a user counter. The vulnerability can be triggered when send_packet() or other operations attempt to access the usbdev_intf0 pipe after the device has been disconnected.
Recommendations
Update to a version beyond 6.0.0-rc1-syzkaller.
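The reference-handling flaw in the description above, as a simplified user-space model added here for illustration; it is not the kernel driver's code or the upstream patch. All struct and function names (dev, ctx, send_packet_model, disconnect_guarded and so on) are hypothetical, and the disconnect/write interleaving is sequenced in one thread instead of being raced under a lock.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define WOULD_UAF 1 /* constructed marker: the access would touch freed memory */

/* Constructed stand-ins for struct usb_device and the driver context. */
struct dev { int refs; bool freed; };
struct ctx { struct dev *usbdev; int users; bool disconnected; };

static void dev_put(struct dev *d) { if (--d->refs == 0) d->freed = true; }

/* Weak pattern: disconnect drops the reference no matter who is still active. */
static void disconnect_unconditional(struct ctx *c) { dev_put(c->usbdev); }

/* Hardened pattern: mark the device gone, defer the put to the last user. */
static void disconnect_guarded(struct ctx *c) {
    c->disconnected = true;
    if (c->users == 0) { dev_put(c->usbdev); c->usbdev = NULL; }
}

/* The last active user drops the deferred reference after a disconnect. */
static void user_release(struct ctx *c) {
    if (--c->users == 0 && c->disconnected && c->usbdev) { dev_put(c->usbdev); c->usbdev = NULL; }
}

/* Models an I/O path such as send_packet() reaching for the device pointer. */
static int send_packet_model(struct ctx *c, bool check_flag) {
    if (check_flag && c->disconnected) return -ENODEV; /* refuse cleanly */
    return c->usbdev->freed ? WOULD_UAF : 0;
}

/* One write is in flight (users == 1) when the device is unplugged. */
static int scenario(bool guarded, bool *freed_at_end) {
    struct dev d = { .refs = 1, .freed = false };
    struct ctx c = { .usbdev = &d, .users = 1, .disconnected = false };
    if (guarded) disconnect_guarded(&c); else disconnect_unconditional(&c);
    int rc = send_packet_model(&c, guarded);
    if (guarded) user_release(&c); /* last user leaves, reference dropped now */
    *freed_at_end = d.freed;
    return rc;
}

int main(void) {
    bool f;
    int weak = scenario(false, &f), fixed = scenario(true, &f);
    printf("unconditional=%d guarded=%d freed_at_end=%d\n", weak, fixed, f);
    return 0;
}
```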
Affected Products
Debian
Linuxmint
Linux Kernel
Rocky Linux
Suse
Ubuntu