CVE-2025-39790 – A double-free vulnerability in the Linux kernel... (How to Fix)

Q: What is the severity of CVE-2025-39790?

CVE-2025-39790 has a CVSS score of 7.8 (HIGH). A double-free vulnerability in the Linux kernel's MHI host driver allows a malicious or compromised remote device to trigger memory corruption. This affects systems using the MHI bus for communication with PCIe-based modems or similar hardware. The vulnerability can lead to kernel crashes or potential privilege escalation.

📋 TL;DR

A double-free vulnerability in the Linux kernel's MHI host driver allows a malicious or compromised remote device to trigger memory corruption. This affects systems using the MHI bus for communication with PCIe-based modems or similar hardware. The vulnerability can lead to kernel crashes or potential privilege escalation.

💻 Affected Systems

Products:

Linux kernel

Versions: Kernel versions before the fix commits (specific versions vary by distribution)

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems using MHI host functionality with vulnerable remote devices. Common in systems with PCIe-based modems or similar hardware.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, or potential privilege escalation allowing full system compromise.

🟠

Likely Case

System instability, kernel crashes, or denial of service affecting MHI-connected devices.

🟢

If Mitigated

Minimal impact if proper network segmentation and device authentication are in place.

🌐 Internet-Facing: LOW - Requires access to MHI-connected hardware interface, not directly internet-exposed.

🏢 Internal Only: MEDIUM - Requires compromised or malicious MHI-connected device on the same system.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires control over a connected MHI device. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commit 2ec99b922f4661521927eeada76f431eebfbabc4 or later

Vendor Advisory: https://git.kernel.org/stable/c/2ec99b922f4661521927eeada76f431eebfbabc4

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commit. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable MHI functionality

linux

Remove or disable MHI host driver if not required

modprobe -r mhi
echo 'blacklist mhi' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

Isolate systems with MHI-connected devices from untrusted networks
Implement strict access controls and monitoring for MHI-connected hardware

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if MHI module is loaded: lsmod | grep mhi

Check Version:

uname -r

Verify Fix Applied:

Check kernel version contains fix commit: grep -q '2ec99b922f4661521927eeada76f431eebfbabc4' /proc/version_signature || uname -r

📡 Detection & Monitoring

Log Indicators:

Kernel oops messages
System crashes related to MHI driver
Memory corruption warnings in dmesg

Network Indicators:

Unusual MHI device communication patterns

SIEM Query:

source="kernel" AND ("mhi" OR "double free" OR "kernel panic")

📊 Metadata

CVE ID: CVE-2025-39790

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-415

EPSS Score: 0.01% exploit probability (1.2th percentile)

Published: September 11, 2025

Last Updated: January 16, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-39790, you might also want to check these: