{
  "threat_severity" : "Moderate",
  "public_date" : "2025-10-01T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: can: j1939: implement NETDEV_UNREGISTER notification handler",
    "id" : "2400629",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2400629"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-911",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ncan: j1939: implement NETDEV_UNREGISTER notification handler\nsyzbot is reporting\nunregister_netdevice: waiting for vcan0 to become free. Usage count = 2\nproblem, for j1939 protocol did not have NETDEV_UNREGISTER notification\nhandler for undoing changes made by j1939_sk_bind().\nCommit 25fe97cb7620 (\"can: j1939: move j1939_priv_put() into sk_destruct\ncallback\") expects that a call to j1939_priv_put() can be unconditionally\ndelayed until j1939_sk_sock_destruct() is called. But we need to call\nj1939_priv_put() against an extra ref held by j1939_sk_bind() call\n(as a part of undoing changes made by j1939_sk_bind()) as soon as\nNETDEV_UNREGISTER notification fires (i.e. before j1939_sk_sock_destruct()\nis called via j1939_sk_release()). Otherwise, the extra ref on \"struct\nj1939_priv\" held by j1939_sk_bind() call prevents \"struct net_device\" from\ndropping the usage count to 1; making it impossible for\nunregister_netdevice() to continue.\n[mkl: remove space in front of label]", "A flaw was discovered in the J1939 protocol implementation in the Linux kernel. The NETDEV_UNREGISTER notification handler was missing for undoing changes performed by j1939_sk_bind(). As a result, an extra reference remains on the j1939_priv structure when unregistering a network device, preventing its usage count from dropping and thus blocking the unregister_netdevice() call." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-12-09T00:00:00Z",
    "advisory" : "RHSA-2025:22854",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "kernel-0:6.12.0-124.20.1.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-01-08T00:00:00Z",
    "advisory" : "RHSA-2026:0271",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "kernel-0:6.12.0-55.52.1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-12-09T00:00:00Z",
    "advisory" : "RHSA-2025:22865",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.13.1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-12-09T00:00:00Z",
    "advisory" : "RHSA-2025:22865",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.13.1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2026-01-14T00:00:00Z",
    "advisory" : "RHSA-2026:0576",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "kernel-0:5.14.0-70.161.1.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2026-01-14T00:00:00Z",
    "advisory" : "RHSA-2026:0537",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv",
    "package" : "kernel-rt-0:5.14.0-70.161.1.rt21.233.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-01-14T00:00:00Z",
    "advisory" : "RHSA-2026:0535",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "kernel-0:5.14.0-284.152.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-01-14T00:00:00Z",
    "advisory" : "RHSA-2026:0534",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.152.1.rt14.437.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-01-07T00:00:00Z",
    "advisory" : "RHSA-2026:0173",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "kernel-0:5.14.0-427.104.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2025-12-22T00:00:00Z",
    "advisory" : "RHSA-2025:23789",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "kernel-0:5.14.0-570.76.1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-39925\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-39925\nhttps://lore.kernel.org/linux-cve-announce/2025100124-CVE-2025-39925-bcec@gregkh/T" ],
  "name" : "CVE-2025-39925",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}