PT-2026-5508 · Linux+2 · Linux Kernel+2
Published: 2025-01-01 · Updated: 2026-05-22
CVE-2025-71182
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A flaw exists in the Linux kernel related to the J1939 protocol. Specifically, the j1939_session_activate() function may succeed even after the network device has been unregistered via j1939_cancel_active_session(). This can occur because the check within j1939_session_activate() is performed while holding the session list lock, which reliably closes a race condition window. The issue was initially reported by syzbot, and a previous commit that aimed to address it did not fully resolve the problem. The vulnerability can lead to issues when unregistering a network device, as indicated by the message "unregister_netdevice: waiting for vcan0 to become free. Usage count = 2".
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
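The message quoted in the description can be watched for in kernel logs while no fixed version is listed. The following is an added example, not part of the original advisory or the kernel project: it scans log lines for the repeated message and summarizes it per device; the sample lines are constructed, and the CAN interface name pattern and the `min_repeats` threshold are assumptions.

```python
import re

# Message the kernel repeats while a net device's references never drain.
WAIT_RE = re.compile(
    r"unregister_netdevice: waiting for (?P<dev>\S+) to become free\. "
    r"Usage count = (?P<count>-?\d+)")
TS_RE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]")   # dmesg "[  112.500000]" prefix
# Assumption: conventional CAN interface names; adjust for local naming.
CAN_NAME_RE = re.compile(r"^(?:v?can|vxcan|slcan)\d+$")

# Constructed sample log lines (not captured from a real system).
SAMPLE_LOG = [
    "[  101.250000] vcan: Virtual CAN interface driver",
    "[  112.500000] unregister_netdevice: waiting for vcan0 to become free. Usage count = 2",
    "[  118.000000] unregister_netdevice: waiting for veth7 to become free. Usage count = 1",
    "[  122.500000] unregister_netdevice: waiting for vcan0 to become free. Usage count = 2",
    "May 22 10:00:01 host kernel: unregister_netdevice: waiting for vcan0 to become free. Usage count = 2",
]

def find_stuck_netdevs(lines, min_repeats=2):
    """Return {device: summary} for devices whose wait message repeats."""
    seen = {}
    for line in lines:
        m = WAIT_RE.search(line)
        if not m:
            continue
        info = seen.setdefault(m["dev"], {"hits": 0, "usage_count": None,
                                          "first_ts": None, "last_ts": None})
        info["hits"] += 1
        info["usage_count"] = int(m["count"])      # most recent value seen
        ts = TS_RE.match(line)
        if ts:                                     # journal-style lines have no such prefix
            t = float(ts["ts"])
            if info["first_ts"] is None:
                info["first_ts"] = t
            info["last_ts"] = t
    report = {}
    for dev, info in seen.items():
        if info["hits"] < min_repeats:
            continue                               # a single line can be transient
        span = None if info["first_ts"] is None else info["last_ts"] - info["first_ts"]
        report[dev] = {"hits": info["hits"], "usage_count": info["usage_count"],
                       "stuck_for_s": span, "can_like": bool(CAN_NAME_RE.match(dev))}
    return report

if __name__ == "__main__":
    for dev, summary in find_stuck_netdevs(SAMPLE_LOG).items():
        print(dev, summary)
```

The message is generic to any leaked device reference, so a hit on a CAN interface is a prompt to check whether J1939 is in use on that host, not proof of this CVE.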
Exploit
Related Identifiers
Affected Products
Linuxmint
Linux Kernel
Ubuntu