CVE-2025-21715

HIGH EPSS 9.9%
Published Feb 27, 2025 · Modified Jun 17, 2026
7.8 CVSS 3.1
High

Description

In the Linux kernel, the following vulnerability has been resolved:

net: davicom: fix UAF in dm9000_drv_remove

dm is netdev private data and it cannot be used after free_netdev() call. Using dm after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function.

This is similar to the issue fixed in commit ad297cd2db89 ("net: qcom/emac: fix UAF in emac_remove").

This bug is detected by our static analysis tool.
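The ordering problem described above, as an added userspace model (not the driver's code and not part of the original advisory). It assumes, as in the kernel, that the private data lives in the same allocation as the net_device; the names model_alloc, model_priv, model_free_netdev, put_resource, run_remove and the resource_held field are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
/* Userspace model (constructed): device and private data share one block. */
struct net_device { int released; };        /* set by model_free_netdev() */
struct board_priv { int resource_held; };   /* hypothetical private state */
struct block { struct net_device nd; struct board_priv priv; };
static int stale_uses;                      /* private-data uses after release */

static struct net_device *model_alloc(void)
{
    struct block *b = calloc(1, sizeof(*b));
    if (!b) abort();
    b->priv.resource_held = 1;
    return &b->nd;
}

static struct board_priv *model_priv(struct net_device *nd)
{
    return &((struct block *)nd)->priv;     /* nd is the block's first member */
}

/* Stands in for free_netdev(): flags the block so a later use is counted. */
static void model_free_netdev(struct net_device *nd) { nd->released = 1; }

static void put_resource(struct board_priv *p)
{
    struct block *b = (struct block *)((char *)p - offsetof(struct block, priv));
    if (b->nd.released) stale_uses++;       /* in the kernel: use after free */
    p->resource_held = 0;
}

/* Remove path in both orders; returns the number of stale private-data uses. */
static int run_remove(int free_first)
{
    struct net_device *nd = model_alloc();
    struct board_priv *dm = model_priv(nd);
    stale_uses = 0;
    if (free_first) model_free_netdev(nd);  /* vulnerable order: dm now dangles */
    put_resource(dm);
    if (!free_first) model_free_netdev(nd); /* fixed order: release is last */
    free(nd);                               /* real release of the model block */
    return stale_uses;
}

int main(void)
{
    printf("free first: %d, free last: %d\n", run_remove(1), run_remove(0));
    return 0;
}
```

The model flags the block instead of freeing it at the marked step, so the stale access can be counted safely; in the kernel the same access reads or writes memory that may already have been reallocated.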

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
9.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 11

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥4.4.262 – <4.5
linux   linux_kernel  *        ≥4.9.262 – <4.10
linux   linux_kernel  *        ≥4.14.226 – <4.15
linux   linux_kernel  *        ≥4.19.181 – <4.20
linux   linux_kernel  *        ≥5.4.106 – <5.4.291
linux   linux_kernel  *        ≥5.10.24 – <5.10.235
linux   linux_kernel  *        ≥5.11.7 – <5.15.179
linux   linux_kernel  *        ≥5.16 – <6.1.129
linux   linux_kernel  *        ≥6.2 – <6.6.76
linux   linux_kernel  *        ≥6.7 – <6.12.13
linux   linux_kernel  *        ≥6.13 – <6.13.2

References 10

  • git.kernel.org https://git.kernel.org/stable/c/19e65c45a1507a1a2926649d2db3583ed9d55fd9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2013c95df6752d9c88221d0f0f37b6f197969390
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5a54367a7c2378c65aaa4d3cfd952f26adef7aa7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7d7d201eb3b766abe590ac0dda7a508b7db3e357
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a53cb72043443ac787ec0b5fa17bb3f8ff3d462b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c411f9a5fdc9158e8f7c57eac961d3df3eb4d8ca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c94ab07edc2843e2f3d46dbd82e5c681503aaadf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/db79e982c5f9e39ab710cbce55b05f2f5e6f1ca9
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/19e65c45a1507a1a2926649d2db3583ed9d55fd9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2013c95df6752d9c88221d0f0f37b6f197969390
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5a54367a7c2378c65aaa4d3cfd952f26adef7aa7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7d7d201eb3b766abe590ac0dda7a508b7db3e357
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a53cb72043443ac787ec0b5fa17bb3f8ff3d462b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c411f9a5fdc9158e8f7c57eac961d3df3eb4d8ca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c94ab07edc2843e2f3d46dbd82e5c681503aaadf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/db79e982c5f9e39ab710cbce55b05f2f5e6f1ca9
    Patch