CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove
First published: Thu Feb 27 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: net: davicom: fix UAF in dm9000_drv_remove dm is netdev private data and it cannot be used after free_netdev() call. Using dm after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the function. This is similar to the issue fixed in commit ad297cd2db89 ("net: qcom/emac: fix UAF in emac_remove"). This bug is detected by our static analysis tool.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | >=4.4.262<4.5 | |
| Linux Kernel | >=4.9.262<4.10 | |
| Linux Kernel | >=4.14.226<4.15 | |
| Linux Kernel | >=4.19.181<4.20 | |
| Linux Kernel | >=5.4.106<5.4.291 | |
| Linux Kernel | >=5.10.24<5.10.235 | |
| Linux Kernel | >=5.11.7<5.15.179 | |
| Linux Kernel | >=5.16<6.1.129 | |
| Linux Kernel | >=6.2<6.6.76 | |
| Linux Kernel | >=6.7<6.12.13 | |
| Linux Kernel | >=6.13<6.13.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/19e65c45a1507a1a2926649d2db3583ed9d55fd9
- https://git.kernel.org/stable/c/2013c95df6752d9c88221d0f0f37b6f197969390
- https://git.kernel.org/stable/c/5a54367a7c2378c65aaa4d3cfd952f26adef7aa7
- https://git.kernel.org/stable/c/c411f9a5fdc9158e8f7c57eac961d3df3eb4d8ca
- https://git.kernel.org/stable/c/c94ab07edc2843e2f3d46dbd82e5c681503aaadf
- https://git.kernel.org/stable/c/db79e982c5f9e39ab710cbce55b05f2f5e6f1ca9
- https://git.kernel.org/stable/c/a53cb72043443ac787ec0b5fa17bb3f8ff3d462b
- https://git.kernel.org/stable/c/7d7d201eb3b766abe590ac0dda7a508b7db3e357
Frequently Asked Questions
What is the severity of CVE-2025-21715?
CVE-2025-21715 has a medium severity due to the potential for use-after-free vulnerabilities affecting the Linux kernel.
How do I fix CVE-2025-21715?
To fix CVE-2025-21715, upgrade to the latest version of the Linux kernel where the vulnerability has been patched.
What systems are affected by CVE-2025-21715?
CVE-2025-21715 affects various versions of the Linux kernel that utilize the davicom dm9000 driver.
Is CVE-2025-21715 easily exploitable?
Exploitation of CVE-2025-21715 requires local access and is dependent on specific conditions in the network environment.
Where can I find more information about CVE-2025-21715?
Further details about CVE-2025-21715 can be found in the official Linux kernel repositories and security advisories.
- agent/type
- agent/title
- agent/author
- agent/source
- agent/description
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/guess-ai
- agent/software-canonical-lookup
- agent/references
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/linux kernel
- canonical/linux kernel
- vendor/linux
- version/linux kernel/4.4.262
- version/linux kernel/4.9.262
- version/linux kernel/4.14.226
- version/linux kernel/4.19.181
- version/linux kernel/5.4.106
- version/linux kernel/5.10.24
- version/linux kernel/5.11.7
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.13