VYPR
Unrated severityNVD Advisory· Published Sep 23, 2025· Updated Jan 8, 2026

hsr: hold rcu and dev lock for hsr_get_port_ndev

CVE-2025-39872

Description

In the Linux kernel, the following vulnerability has been resolved:

hsr: hold rcu and dev lock for hsr_get_port_ndev

hsr_get_port_ndev calls hsr_for_each_port, which need to hold rcu lock. On the other hand, before return the port device, we need to hold the device reference to avoid UaF in the caller function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Linux/Kernelllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 6.14

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.