CVE-2025-21715

Published Feb 27, 2025

Last updated 5 months ago

CVSS high 7.8

Overview

Description: In the Linux kernel, the following vulnerability has been resolved: net: davicom: fix UAF in dm9000_drv_remove dm is netdev private data and it cannot be used after free_netdev() call. Using dm after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function. This is similar to the issue fixed in commit ad297cd2db89 ("net: qcom/emac: fix UAF in emac_remove"). This bug is detected by our static analysis tool.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status: Modified
Products: linux_kernel

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-416

Hype score: Not currently trending

CVE-2025-21715 In the Linux kernel, the following vulnerability has been resolved: net: davicom: fix UAF in dm9000_drv_remove dm is netdev private data and it cannot be used after… https://t.co/pViuxnVH21
@CVEnew
27 Feb 2025
800 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "C020C31F-47CF-42F2-A390-66AC716AD29F",
            "versionEndExcluding": "4.5",
            "versionStartIncluding": "4.4.262",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "86BFA76D-C97D-4F78-A857-7DC7B5711DC0",
            "versionEndExcluding": "4.10",
            "versionStartIncluding": "4.9.262",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "C9608EF4-37A2-4904-B924-93CA34F65EBE",
            "versionEndExcluding": "4.15",
            "versionStartIncluding": "4.14.226",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "6CD1844D-5434-4975-BB93-6CD6962BDD86",
            "versionEndExcluding": "4.20",
            "versionStartIncluding": "4.19.181",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "A68494EB-28C2-4CA7-84BF-CA5A0F101C2C",
            "versionEndExcluding": "5.4.291",
            "versionStartIncluding": "5.4.106",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "B0876206-0FB7-4903-A5F8-D8D144259E0C",
            "versionEndExcluding": "5.10.235",
            "versionStartIncluding": "5.10.24",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "E62061D9-0931-468F-87F0-9FB3065DF87B",
            "versionEndExcluding": "5.15.179",
            "versionStartIncluding": "5.11.7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2DA5009C-C9B9-4A1D-9B96-78427E8F232C",
            "versionEndExcluding": "6.1.129",
            "versionStartIncluding": "5.16",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "A6D70701-9CB6-4222-A957-00A419878993",
            "versionEndExcluding": "6.6.76",
            "versionStartIncluding": "6.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2897389C-A8C3-4D69-90F2-E701B3D66373",
            "versionEndExcluding": "6.12.13",
            "versionStartIncluding": "6.7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "6D4116B1-1BFD-4F23-BA84-169CC05FC5A3",
            "versionEndExcluding": "6.13.2",
            "versionStartIncluding": "6.13",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References