#VU117251 Use-after-free in Linux kernel - CVE-2025-39994
Published: October 15, 2025
Vulnerability identifier: #VU117251
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-39994
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xc5000_release() function in drivers/media/tuners/xc5000.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/40b7a19f321e65789612ebaca966472055dab48c
- https://git.kernel.org/stable/c/4266f012806fc18e46da4a04d130df59a4946f93
- https://git.kernel.org/stable/c/71ed8b81a4906cb785966910f39cf7f5ad60a69e
- https://git.kernel.org/stable/c/9a00de20ed8ba90888479749b87bc1532cded4ce
- https://git.kernel.org/stable/c/df0303b4839520b84d9367c2fad65b13650a4d42
- https://git.kernel.org/stable/c/effb1c19583bca7022fa641a70766de45c6d41ac