CVE-2025-39994

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free issue within the xc5000 driver related to timer management. The xc5000 release function originally used cancel delayed work(), which does not guarantee completion of the timer sleep delayed work item before freeing the associated memory. This can lead to a use-after-free condition where timer sleep attempts to dereference freed memory. A race condition can occur where the xc5000 priv structure is freed while the timer sleep work item is still active. The issue was identified through static analysis.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

AZL-68510

BDU:2026-02710

CVE-2025-39994

DLA-4379-1

DLA-4404-1

DSA-6053-1

ECHO-BCC5-88D3-8943

MGASA-2025-0309

MGASA-2025-0310

OESA-2026-1305

OPENSUSE-SU-2025:15671-1

OPENSUSE-SU-2025:20091-1

OPENSUSE-SU-2026:10301-1

SUSE-SU-2025:21040-1

SUSE-SU-2025:21052-1

SUSE-SU-2025:21056-1

SUSE-SU-2025:21064-1

SUSE-SU-2025:21080-1

SUSE-SU-2025:21147-1

SUSE-SU-2025:21180-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4128-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4140-1

SUSE-SU-2025:4141-1

SUSE-SU-2025:4301-1

USN-8033-1

USN-8033-2

USN-8033-3

USN-8033-4

USN-8033-5

USN-8033-6

USN-8033-7

USN-8033-8

USN-8034-1

USN-8034-2

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8141-1

USN-8163-1

USN-8163-2

USN-8165-1

USN-8243-1

USN-8261-1

Affected Products

Debian

Linuxmint

Linux Kernel

Suse

Ubuntu

CVE-2025-39994

Weakness Enumeration

Related Identifiers

Affected Products

References · 2862