DEBIAN-CVE-2025-39925
In the Linux kernel, the following vulnerability has been resolved: can: j1939: implement NETDEV_UNREGISTER notification handler syzbot is reporting unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 problem, for j1939 protocol did not have NETDEV_UNREGISTER notification handler for undoing changes made by j1939_sk_bind(). Commit 25fe97cb7620 ("can: j1939: move j1939_priv_put() into sk_destruct callback") expects that a call to j1939_priv_put() can be unconditionally delayed until j1939_sk_sock_destruct() is called. But we need to call j1939_priv_put() against an extra ref held by j1939_sk_bind() call (as a part of undoing changes made by j1939_sk_bind()) as soon as NETDEV_UNREGISTER notification fires (i.e. before j1939_sk_sock_destruct() is called via j1939_sk_release()). Otherwise, the extra ref on "struct j1939_priv" held by j1939_sk_bind() call prevents "struct net_device" from dropping the usage count to 1; making it impossible for unregister_netdevice() to continue. [mkl: remove space in front of label]
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | linux | 5.17.11-1, 5.17.6-1, 5.17~rc3-1~exp1 |
| Debian:14 | linux | 6.15.5-1, 6.15.6-1, 6.15 |
| Debian:12 | linux | 6.12.17-1, 0, 6.1.106-1 |
| Debian:13 | linux | *, *, * |
Timeline
- Oct 1, 2025 CVE Published
- Apr 28, 2026 CVE Updated