CVE-2025-39978

EPSS 0.06%

發布日:2025/10/15修改日:2026/4/28

描述

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() This code calls kfree_rcu(new_node, rcu) and then dereferences "new_node" and then dereferences it on the next line. Two lines later, we take a mutex so I don't think this is an RCU safe region. Re-order it to do the dereferences before queuing up the free.

受影響套件(2)

Debian/linuxfrom 0, < 6.1.158-1
Debian/linux-6.1from 0, < 6.1.158-1~deb11u1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-39978