Vulnerability Database

321,593

Total vulnerabilities in the database

CVE-2025-39873

In the Linux kernel, the following vulnerability has been resolved:

can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB

can_put_echo_skb() takes ownership of the SKB and it may be freed during or after the call.

However, xilinx_can xcan_write_frame() keeps using SKB after the call.

Fix that by only calling can_put_echo_skb() after the code is done touching the SKB.

The tx_lock is held for the entire xcan_write_frame() execution and also on the can_get_echo_skb() side so the order of operations does not matter.

An earlier fix commit 3d3c817c3a40 ("can: xilinx_can: Fix usage of skb memory") did not move the can_put_echo_skb() call far enough.

[mkl: add "commit" in front of sha1 in patch description] [mkl: fix indention]

  • Published: Sep 23, 2025
  • Updated: Jan 21, 2026
  • CVE: CVE-2025-39873
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.8
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

Software From Fixed in
linux / linux_kernel 4.19 5.15.194
linux / linux_kernel 5.16 6.1.153
linux / linux_kernel 6.2 6.6.107
linux / linux_kernel 6.7 6.12.48
linux / linux_kernel 6.13 6.16.8
linux / linux_kernel 6.17-rc1 6.17-rc1.x
linux / linux_kernel 6.17-rc2 6.17-rc2.x
linux / linux_kernel 6.17-rc3 6.17-rc3.x
linux / linux_kernel 6.17-rc4 6.17-rc4.x
linux / linux_kernel 6.17-rc5 6.17-rc5.x
debian / debian_linux 11.0 11.0.x