Unrated severityNVD Advisory· Published Sep 23, 2025· Updated Jan 8, 2026

hsr: hold rcu and dev lock for hsr_get_port_ndev

CVE-2025-39872

Description

In the Linux kernel, the following vulnerability has been resolved:

hsr_get_port_ndev calls hsr_for_each_port, which need to hold rcu lock. On the other hand, before return the port device, we need to hold the device reference to avoid UaF in the caller function.

Affected products

Linux/Kernelllm-fuzzy
Linux/Linuxv5
Range: 6.14

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.kernel.org/stable/c/68a6729afd3e8e9a2a32538642ce92b96ccf9b1dmitre
git.kernel.org/stable/c/847748fc66d08a89135a74e29362a66ba4e3ab15mitre
git.kernel.org/stable/c/9433ba79c2ec3ec7c9a711748701549339c3438cmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000