CVE-2025-39783
HIGHDescription
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix configfs group list head handling Doing a list_del() on the epf_group field of struct pci_epf_driver in pci_epf_remove_cfs() is not correct as this field is a list head, not a list entry. This list_del() call triggers a KASAN warning when an endpoint function driver which has a configfs attribute group is torn down: ================================================================== BUG: KASAN: slab-use-after-free in pci_epf_remove_cfs+0x17c/0x198 Write of size 8 at addr ffff00010f4a0d80 by task rmmod/319 CPU: 3 UID: 0 PID: 319 Comm: rmmod Not tainted 6.16.0-rc2 #1 NONE Hardware name: Radxa ROCK 5B (DT) Call trace: show_stack+0x2c/0x84 (C) dump_stack_lvl+0x70/0x98 print_report+0x17c/0x538 kasan_report+0xb8/0x190 __asan_report_store8_noabort+0x20/0x2c pci_epf_remove_cfs+0x17c/0x198 pci_epf_unregister_driver+0x18/0x30 nvmet_pci_epf_cleanup_module+0x24/0x30 [nvmet_pci_epf] __arm64_sys_delete_module+0x264/0x424 invoke_syscall+0x70/0x260 el0_svc_common.constprop.0+0xac/0x230 do_el0_svc+0x40/0x58 el0_svc+0x48/0xdc el0t_64_sync_handler+0x10c/0x138 el0t_64_sync+0x198/0x19c ... Remove this incorrect list_del() call from pci_epf_remove_cfs().
Is your site exposed to CVE-2025-39783?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| linux | linux_kernel |
| linux | linux_kernel |
| linux | linux_kernel |
| linux | linux_kernel |
| linux | linux_kernel |
| linux | linux_kernel |
| linux | linux_kernel |
| debian | debian_linux |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-39783? +
How severe is CVE-2025-39783? +
What products are affected by CVE-2025-39783? +
How do I check if I'm vulnerable to CVE-2025-39783? +
Related Vulnerabilities
LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the …
LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. …
A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the …
LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a …
The method "sock_recvfrom_into()" of "asyncio.ProacterEventLoop" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. …
editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have …