Security Advisory

CVE-2025-39872

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-23 06:00:45

Last updated 2026-05-23 16:00:54

Assigner Linux

State PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: hsr: hold rcu and dev lock for hsr_get_port_ndev hsr_get_port_ndev calls hsr_for_each_port, which need to hold rcu lock. On the other hand, before return the port device, we need to hold the device reference to avoid UaF in the caller function.

← Browse all CVEs View on cve.org ↗