Vulnerability Database

314,343

Total vulnerabilities in the database

CVE-2025-39896

In the Linux kernel, the following vulnerability has been resolved:

accel/ivpu: Prevent recovery work from being queued during device removal

Use disable_work_sync() instead of cancel_work_sync() in ivpu_dev_fini() to ensure that no new recovery work items can be queued after device removal has started. Previously, recovery work could be scheduled even after canceling existing work, potentially leading to use-after-free bugs if recovery accessed freed resources.

Rename ivpu_pm_cancel_recovery() to ivpu_pm_disable_recovery() to better reflect its new behavior.

Published: Oct 1, 2025
Updated: Dec 15, 2025
CVE: CVE-2025-39896
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	6.8	6.12.46
linux / linux_kernel	6.13	6.16.6
linux / linux_kernel	6.17-rc1	6.17-rc1.x
linux / linux_kernel	6.17-rc2	6.17-rc2.x
linux / linux_kernel	6.17-rc3	6.17-rc3.x
linux / linux_kernel	6.17-rc4	6.17-rc4.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo