VDB
DEBIAN-CVE-2025-39872
DEBIAN-CVE-2025-39872
PUBLISHED
CVSS 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: hsr: hold rcu and dev lock for hsr_get_port_ndev hsr_get_port_ndev calls hsr_for_each_port, which need to hold rcu lock. On the other hand, before return the port device, we need to hold the device reference to avoid UaF in the caller function.
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | linux | 6.12.38-1, 6.12.43-1, 6.12.48-1 |
| Debian:14 | linux | 6.14.5-1~exp1, 6.14.6-1~exp1, 6.15-1~exp1 |
Timeline
- Sep 23, 2025 CVE Published
- Apr 28, 2026 CVE Updated