CVE-2025-39873

7.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's Xilinx CAN driver that occurs when transmitting network packets. It allows attackers with local access to potentially crash the system or execute arbitrary code. Systems using Xilinx CAN hardware with vulnerable kernel versions are affected.

💻 Affected Systems

Products:
  • Linux kernel with Xilinx CAN driver (xilinx_can)
Versions: Linux kernel versions containing the vulnerable code up to the fix commit
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using Xilinx CAN hardware. The vulnerability is in the driver code and requires the driver to be loaded and used.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel-level code execution, leading to complete system compromise.

🟠

Likely Case

Kernel panic or system crash causing denial of service.

🟢

If Mitigated

No impact if patched or if Xilinx CAN hardware is not used.

🌐 Internet-Facing: LOW - Requires local access to exploit.
🏢 Internal Only: MEDIUM - Local attackers or malicious users could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of the system. Use-after-free vulnerabilities can be challenging to exploit reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commit 1139321161a3ba5e45e61e0738b37f42f20bc57a and backported to stable branches

Vendor Advisory: https://git.kernel.org/stable/c/1139321161a3ba5e45e61e0738b37f42f20bc57a

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix commit.
2. Reboot the system to load the new kernel.
3. Verify that the Xilinx CAN driver is updated.

🔧 Temporary Workarounds

Disable Xilinx CAN driver (Linux)

Prevent loading of the vulnerable driver module:

  echo 'blacklist xilinx_can' >> /etc/modprobe.d/blacklist.conf
  rmmod xilinx_can

🧯 If You Can't Patch

  • Disable Xilinx CAN hardware if not required
  • Restrict local access to systems using Xilinx CAN hardware

🔍 How to Verify

Check if Vulnerable:

Check whether the Xilinx CAN driver is loaded (lsmod | grep xilinx_can) and compare the running kernel version against the affected versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commit 1139321161a3ba5e45e61e0738b37f42f20bc57a
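As an added triage helper (not from the advisory or the kernel tree), the script below checks the two things this section asks for: whether the xilinx_can driver is present, including when it is compiled into the kernel and therefore absent from lsmod, and whether the running kernel is at or above a fixed release. FIXED_VERSION is a placeholder, since the advisory names only the fix commit; the lsmod sample and sysfs device paths are constructed.

```shell
#!/bin/sh
# Added triage helper for CVE-2025-39873 (not from the advisory or the kernel tree).
# Checks the "How to Verify" items: driver present, and kernel at or above the fixed release.

# Constructed lsmod output for the stand-alone demo (not captured from a real host).
SAMPLE_LSMOD='Module                  Size  Used by
xilinx_can             24576  0
can_dev                53248  1 xilinx_can'

# Return 0 when xilinx_can appears as a loaded module in lsmod-style text ($1).
xcan_in_lsmod() {
    printf '%s\n' "$1" | awk '$1 == "xilinx_can" { found = 1 } END { exit found ? 0 : 1 }'
}

# Return 0 when the driver is present, loaded as a module or built into the kernel
# (a built-in driver never shows in lsmod but still has a /sys/module entry).
# $1 overrides the sysfs root (default /sys) so the check can be tested offline.
xcan_present_sysfs() {
    root=${1:-/sys}
    [ -d "$root/module/xilinx_can" ] || [ -d "$root/bus/platform/drivers/xilinx_can" ]
}

# Print the network interfaces bound to the driver (the CAN ports that use it).
xcan_interfaces() {
    for n in "${1:-/sys}"/bus/platform/drivers/xilinx_can/*/net/*; do
        [ -e "$n" ] && basename "$n"
    done
}

# Map a "uname -r" string to one integer (major*10^6 + minor*10^3 + patch),
# dropping any "-rc1"/"-generic" suffix, so releases can be compared numerically.
kver_num() {
    printf '%s\n' "$1" | sed 's/[-+].*$//' | awk -F. '{ printf "%d", $1*1000000 + $2*1000 + $3 }'
}

# Return 0 when running kernel $1 is at least fixed release $2.
kver_ge() { [ "$(kver_num "$1")" -ge "$(kver_num "$2")" ]; }
# Verdict for this host. FIXED_VERSION is a placeholder: the advisory names only the
# fix commit, so take the fixed release for your stable branch from your distribution.
triage() {
    fixed=${FIXED_VERSION:-CHANGEME}
    xcan_present_sysfs || { echo "not affected: xilinx_can driver not present"; return 0; }
    echo "xilinx_can present; interfaces: $(xcan_interfaces | tr '\n' ' ')"
    if [ "$fixed" != CHANGEME ] && kver_ge "$(uname -r)" "$fixed"; then
        echo "kernel $(uname -r) is at or above $fixed: fixed"
    else
        echo "kernel $(uname -r): confirm fix commit 1139321161a3ba5e45e61e0738b37f42f20bc57a is included"
    fi
}
```

Run `FIXED_VERSION=<your distro's fixed release> sh triage.sh` and call `triage`; a host where the driver is built in is reported as present even though `lsmod | grep xilinx_can` prints nothing.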

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • System crashes/panics related to CAN or network drivers
  • Unexpected reboots

Network Indicators:

  • Unusual CAN bus traffic patterns

SIEM Query:

source="kernel" AND ("xilinx_can" OR "CAN" OR "use-after-free" OR "kernel panic")
