[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-39993":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":14,"duplicates":139,"related":140,"reserved_at":9,"published_at":159,"modified_at":160,"state":161,"summary":162,"references_raw":166,"kevs":205,"epss":206,"epss_history":209,"metrics":482,"affected":483},"CVE-2025-39993","In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: fix races with imon_disconnect()\n\nSyzbot reports a KASAN issue as below:\nBUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline]\nBUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nRead of size 4 at addr ffff8880256fb000 by task syz-executor314/4465\n\nCPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \u003CTASK>\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:317 [inline]\nprint_report.cold+0x2ba/0x6e9 mm/kasan/report.c:433\nkasan_report+0xb1/0x1e0 mm/kasan/report.c:495\n__create_pipe include/linux/usb.h:1945 [inline]\nsend_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nvfd_write+0x2d9/0x550 drivers/media/rc/imon.c:991\nvfs_write+0x2d7/0xdd0 fs/read_write.c:576\nksys_write+0x127/0x250 fs/read_write.c:631\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe iMON driver improperly releases the usb_device reference in\nimon_disconnect without coordinating with active users of the\ndevice.\n\nSpecifically, the fields usbdev_intf0 and usbdev_intf1 are not\nprotected by the users counter (ictx->users). During probe,\nimon_init_intf0 or imon_init_intf1 increments the usb_device\nreference count depending on the interface. However, during\ndisconnect, usb_put_dev is called unconditionally, regardless of\nactual usage.\n\nAs a result, if vfd_write or other operations are still in\nprogress after disconnect, this can lead to a use-after-free of\nthe usb_device pointer.\n\nThread 1 vfd_write                      Thread 2 imon_disconnect\n                                        ...\n                                        if\n                                          usb_put_dev(ictx->usbdev_intf0)\n                                        else\n                                          usb_put_dev(ictx->usbdev_intf1)\n...\nwhile\n  send_packet\n    if\n      pipe = usb_sndintpipe(\n        ictx->usbdev_intf0) UAF\n    else\n      pipe = usb_sndctrlpipe(\n        ictx->usbdev_intf0, 0) UAF\n\nGuard access to usbdev_intf0 and usbdev_intf1 after disconnect by\nchecking ictx->disconnected in all writer paths. Add early return\nwith -ENODEV in send_packet(), vfd_write(), lcd_write() and\ndisplay_open() if the device is no longer present.\n\nSet and read ictx->disconnected under ictx->lock to ensure memory\nsynchronization. Acquire the lock in imon_disconnect() before setting\nthe flag to synchronize with any ongoing operations.\n\nEnsure writers exit early and safely after disconnect before the USB\ncore proceeds with cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",null,[],[],[],[],[15,17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95,97,99,101,103,105,107,109,111,113,115,117,119,121,123,125,127,129,131,133,135,137],{"_key":16},"DLA-4379-1",{"_key":18},"DSA-6053-1",{"_key":20},"SUSE-SU-2025:4057-1",{"_key":22},"SUSE-SU-2025:4132-1",{"_key":24},"SUSE-SU-2025:4128-1",{"_key":26},"SUSE-SU-2025:4301-1",{"_key":28},"OPENSUSE-SU-2026:10301-1",{"_key":30},"RHSA-2026:1442",{"_key":32},"RHSA-2026:1512",{"_key":34},"SUSE-SU-2025:21040-1",{"_key":36},"SUSE-SU-2025:21052-1",{"_key":38},"SUSE-SU-2025:21056-1",{"_key":40},"SUSE-SU-2025:21064-1",{"_key":42},"SUSE-SU-2025:21080-1",{"_key":44},"SUSE-SU-2025:21147-1",{"_key":46},"SUSE-SU-2025:21180-1",{"_key":48},"SUSE-SU-2025:4141-1",{"_key":50},"SUSE-SU-2025:4140-1",{"_key":52},"OPENSUSE-SU-2025:15671-1",{"_key":54},"OPENSUSE-SU-2025:20091-1",{"_key":56},"RHSA-2026:0533",{"_key":58},"RHSA-2026:3634",{"_key":60},"RHSA-2026:3685",{"_key":62},"MGASA-2025-0309",{"_key":64},"MGASA-2025-0310",{"_key":66},"USN-7921-1",{"_key":68},"USN-7921-2",{"_key":70},"USN-7922-1",{"_key":72},"USN-7922-2",{"_key":74},"USN-7922-3",{"_key":76},"USN-7922-4",{"_key":78},"USN-7922-5",{"_key":80},"USN-7928-1",{"_key":82},"USN-7928-2",{"_key":84},"USN-7928-3",{"_key":86},"USN-7928-4",{"_key":88},"USN-7928-5",{"_key":90},"USN-7931-1",{"_key":92},"USN-7931-2",{"_key":94},"USN-7931-3",{"_key":96},"USN-7931-4",{"_key":98},"USN-7931-5",{"_key":100},"USN-7935-1",{"_key":102},"USN-7936-1",{"_key":104},"USN-7939-1",{"_key":106},"USN-7939-2",{"_key":108},"USN-7987-1",{"_key":110},"USN-7987-2",{"_key":112},"USN-7988-1",{"_key":114},"USN-7988-2",{"_key":116},"USN-7988-3",{"_key":118},"USN-7988-4",{"_key":120},"USN-7988-5",{"_key":122},"RHSA-2026:1445",{"_key":124},"DEBIAN-CVE-2025-39993",{"_key":126},"USN-7938-1",{"_key":128},"RHSA-2026:0443",{"_key":130},"RHSA-2026:0444",{"_key":132},"USN-7934-1",{"_key":134},"UBUNTU-CVE-2025-39993",{"_key":136},"USN-7940-1",{"_key":138},"USN-7940-2",[],[141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158],{"_key":20},{"_key":22},{"_key":24},{"_key":26},{"_key":28},{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},{"_key":46},{"_key":48},{"_key":50},{"_key":52},{"_key":54},{"_key":62},{"_key":64},"2025-10-15T07:58:18.621Z","2026-05-11T21:40:23.999Z","Deferred",{"cisa_kev":163,"cisa_ransomware":163,"cisa_vendor":9,"epss_severity":164,"epss_score":165,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":161},false,"low",0.00097,[167,173,177,181,185,189,193,197,201],{"url":168,"sources":169,"tags":172},"https://git.kernel.org/stable/c/9348976003e39754af344949579e824a0a210fc4",[170,171],"cve.org","nvd",[],{"url":174,"sources":175,"tags":176},"https://git.kernel.org/stable/c/b03fac6e2a38331faf8510b480becfa90cea1c9f",[170,171],[],{"url":178,"sources":179,"tags":180},"https://git.kernel.org/stable/c/71c52b073922d05e79e6de7fc7f5f38f927929a4",[170,171],[],{"url":182,"sources":183,"tags":184},"https://git.kernel.org/stable/c/71096a6161a25e84acddb89a9d77f138502d26ab",[170,171],[],{"url":186,"sources":187,"tags":188},"https://git.kernel.org/stable/c/71da40648741d15b302700b68973fe8b382aef3c",[170,171],[],{"url":190,"sources":191,"tags":192},"https://git.kernel.org/stable/c/fd5d3e6b149ec8cce045d86a2b5e3664d6b32ba5",[170,171],[],{"url":194,"sources":195,"tags":196},"https://git.kernel.org/stable/c/d9f6ce99624a41c3bcb29a8d7d79b800665229dd",[170,171],[],{"url":198,"sources":199,"tags":200},"https://git.kernel.org/stable/c/2e7fd93b9cc565b839bc55a6662475718963e156",[170,171],[],{"url":202,"sources":203,"tags":204},"https://git.kernel.org/stable/c/fa0f61cc1d828178aa921475a9b786e7fbb65ccb",[170,171],[],[],{"date":207,"score":165,"percentile":208},"2026-06-03",0.26791,[210,214,217,220,223,226,229,232,235,238,241,244,247,251,254,257,261,264,267,270,273,276,279,282,285,288,291,294,297,300,303,306,309,312,315,318,322,325,328,331,334,337,340,343,346,349,352,355,358,362,365,368,371,374,377,380,383,386,389,392,395,398,401,404,407,410,413,416,419,422,425,428,431,433,436,438,441,444,447,450,453,456,459,462,465,468,471,474,476,479],{"date":211,"score":212,"percentile":213},"2025-11-04",0.00043,0.12866,{"date":215,"score":212,"percentile":216},"2025-11-05",0.12891,{"date":218,"score":212,"percentile":219},"2025-11-06",0.1298,{"date":221,"score":212,"percentile":222},"2025-11-07",0.12993,{"date":224,"score":212,"percentile":225},"2025-11-08",0.12994,{"date":227,"score":212,"percentile":228},"2025-11-09",0.12968,{"date":230,"score":212,"percentile":231},"2025-11-10",0.12928,{"date":233,"score":212,"percentile":234},"2025-11-11",0.12942,{"date":236,"score":212,"percentile":237},"2025-11-12",0.12916,{"date":239,"score":212,"percentile":240},"2025-11-13",0.12934,{"date":242,"score":212,"percentile":243},"2025-11-14",0.12946,{"date":245,"score":212,"percentile":246},"2025-11-15",0.12939,{"date":248,"score":249,"percentile":250},"2025-11-16",0.00047,0.14407,{"date":252,"score":249,"percentile":253},"2025-11-17",0.14369,{"date":255,"score":249,"percentile":256},"2025-11-18",0.09828,{"date":258,"score":259,"percentile":260},"2025-11-19",0.00082,0.20184,{"date":262,"score":259,"percentile":263},"2025-11-20",0.20158,{"date":265,"score":259,"percentile":266},"2025-11-21",0.2448,{"date":268,"score":259,"percentile":269},"2025-11-22",0.24478,{"date":271,"score":259,"percentile":272},"2025-11-23",0.24428,{"date":274,"score":259,"percentile":275},"2025-11-24",0.24397,{"date":277,"score":259,"percentile":278},"2025-11-25",0.24386,{"date":280,"score":259,"percentile":281},"2025-11-26",0.24375,{"date":283,"score":259,"percentile":284},"2025-11-27",0.24372,{"date":286,"score":259,"percentile":287},"2025-11-28",0.24348,{"date":289,"score":259,"percentile":290},"2025-11-29",0.24334,{"date":292,"score":259,"percentile":293},"2025-11-30",0.24309,{"date":295,"score":259,"percentile":296},"2025-12-01",0.24354,{"date":298,"score":259,"percentile":299},"2025-12-02",0.24373,{"date":301,"score":259,"percentile":302},"2025-12-03",0.24384,{"date":304,"score":259,"percentile":305},"2025-12-04",0.24312,{"date":307,"score":259,"percentile":308},"2025-12-05",0.24361,{"date":310,"score":259,"percentile":311},"2025-12-06",0.24359,{"date":313,"score":259,"percentile":314},"2025-12-07",0.24323,{"date":316,"score":259,"percentile":317},"2025-12-08",0.24329,{"date":319,"score":320,"percentile":321},"2025-12-09",0.00068,0.21063,{"date":323,"score":320,"percentile":324},"2025-12-10",0.2114,{"date":326,"score":320,"percentile":327},"2025-12-11",0.21182,{"date":329,"score":320,"percentile":330},"2025-12-12",0.21196,{"date":332,"score":320,"percentile":333},"2025-12-13",0.21198,{"date":335,"score":320,"percentile":336},"2025-12-14",0.21166,{"date":338,"score":320,"percentile":339},"2025-12-15",0.21144,{"date":341,"score":320,"percentile":342},"2025-12-16",0.2117,{"date":344,"score":320,"percentile":345},"2025-12-17",0.21244,{"date":347,"score":320,"percentile":348},"2025-12-18",0.21327,{"date":350,"score":320,"percentile":351},"2025-12-19",0.21345,{"date":353,"score":320,"percentile":354},"2025-12-20",0.21322,{"date":356,"score":320,"percentile":357},"2025-12-21",0.21271,{"date":359,"score":360,"percentile":361},"2025-12-22",0.00071,0.22069,{"date":363,"score":360,"percentile":364},"2025-12-23",0.22066,{"date":366,"score":360,"percentile":367},"2025-12-24",0.22084,{"date":369,"score":360,"percentile":370},"2025-12-25",0.22166,{"date":372,"score":360,"percentile":373},"2025-12-26",0.22151,{"date":375,"score":360,"percentile":376},"2025-12-27",0.22162,{"date":378,"score":360,"percentile":379},"2025-12-28",0.22116,{"date":381,"score":360,"percentile":382},"2025-12-29",0.22082,{"date":384,"score":360,"percentile":385},"2025-12-30",0.22063,{"date":387,"score":360,"percentile":388},"2025-12-31",0.22119,{"date":390,"score":360,"percentile":391},"2026-01-01",0.22214,{"date":393,"score":360,"percentile":394},"2026-01-02",0.2221,{"date":396,"score":360,"percentile":397},"2026-01-03",0.22194,{"date":399,"score":360,"percentile":400},"2026-01-04",0.22094,{"date":402,"score":360,"percentile":403},"2026-01-05",0.22088,{"date":405,"score":360,"percentile":406},"2026-01-06",0.22102,{"date":408,"score":360,"percentile":409},"2026-01-07",0.22141,{"date":411,"score":360,"percentile":412},"2026-01-08",0.22195,{"date":414,"score":360,"percentile":415},"2026-01-09",0.22185,{"date":417,"score":360,"percentile":418},"2026-01-10",0.22179,{"date":420,"score":360,"percentile":421},"2026-01-11",0.22145,{"date":423,"score":360,"percentile":424},"2026-01-12",0.22112,{"date":426,"score":360,"percentile":427},"2026-01-13",0.2209,{"date":429,"score":360,"percentile":430},"2026-01-14",0.22154,{"date":432,"score":360,"percentile":373},"2026-01-15",{"date":434,"score":360,"percentile":435},"2026-01-16",0.22176,{"date":437,"score":360,"percentile":435},"2026-01-17",{"date":439,"score":360,"percentile":440},"2026-01-18",0.22123,{"date":442,"score":360,"percentile":443},"2026-01-19",0.22075,{"date":445,"score":360,"percentile":446},"2026-01-20",0.22047,{"date":448,"score":360,"percentile":449},"2026-01-21",0.22004,{"date":451,"score":360,"percentile":452},"2026-01-22",0.21986,{"date":454,"score":360,"percentile":455},"2026-01-23",0.22074,{"date":457,"score":360,"percentile":458},"2026-01-24",0.22091,{"date":460,"score":360,"percentile":461},"2026-01-25",0.22015,{"date":463,"score":360,"percentile":464},"2026-01-26",0.21905,{"date":466,"score":360,"percentile":467},"2026-01-27",0.21892,{"date":469,"score":360,"percentile":470},"2026-01-28",0.21898,{"date":472,"score":360,"percentile":473},"2026-01-29",0.21851,{"date":475,"score":360,"percentile":473},"2026-01-30",{"date":477,"score":360,"percentile":478},"2026-01-31",0.21859,{"date":480,"score":360,"percentile":481},"2026-02-01",0.219,[],[484],{"ecosystem":9,"name":485,"vendor":486,"product":486,"cpe_part":487,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":488},"Linux","linux","a",[489,496,499,502,505,508,511,514,517,520],{"version":490,"is_range":491,"range_type":170,"version_start":492,"version_start_type":493,"version_end":494,"version_end_type":495,"fixed_in":9},">= 21677cfc562a27e099719d413287bc8d1d24deb7, \u003C 9348976003e39754af344949579e824a0a210fc4",true,"21677cfc562a27e099719d413287bc8d1d24deb7","including","9348976003e39754af344949579e824a0a210fc4","excluding",{"version":497,"is_range":491,"range_type":170,"version_start":492,"version_start_type":493,"version_end":498,"version_end_type":495,"fixed_in":9},">= 21677cfc562a27e099719d413287bc8d1d24deb7, \u003C b03fac6e2a38331faf8510b480becfa90cea1c9f","b03fac6e2a38331faf8510b480becfa90cea1c9f",{"version":500,"is_range":491,"range_type":170,"version_start":492,"version_start_type":493,"version_end":501,"version_end_type":495,"fixed_in":9},">= 21677cfc562a27e099719d413287bc8d1d24deb7, \u003C 71c52b073922d05e79e6de7fc7f5f38f927929a4","71c52b073922d05e79e6de7fc7f5f38f927929a4",{"version":503,"is_range":491,"range_type":170,"version_start":492,"version_start_type":493,"version_end":504,"version_end_type":495,"fixed_in":9},">= 21677cfc562a27e099719d413287bc8d1d24deb7, \u003C 71096a6161a25e84acddb89a9d77f138502d26ab","71096a6161a25e84acddb89a9d77f138502d26ab",{"version":506,"is_range":491,"range_type":170,"version_start":492,"version_start_type":493,"version_end":507,"version_end_type":495,"fixed_in":9},">= 21677cfc562a27e099719d413287bc8d1d24deb7, \u003C 71da40648741d15b302700b68973fe8b382aef3c","71da40648741d15b302700b68973fe8b382aef3c",{"version":509,"is_range":491,"range_type":170,"version_start":492,"version_start_type":493,"version_end":510,"version_end_type":495,"fixed_in":9},">= 21677cfc562a27e099719d413287bc8d1d24deb7, \u003C fd5d3e6b149ec8cce045d86a2b5e3664d6b32ba5","fd5d3e6b149ec8cce045d86a2b5e3664d6b32ba5",{"version":512,"is_range":491,"range_type":170,"version_start":492,"version_start_type":493,"version_end":513,"version_end_type":495,"fixed_in":9},">= 21677cfc562a27e099719d413287bc8d1d24deb7, \u003C d9f6ce99624a41c3bcb29a8d7d79b800665229dd","d9f6ce99624a41c3bcb29a8d7d79b800665229dd",{"version":515,"is_range":491,"range_type":170,"version_start":492,"version_start_type":493,"version_end":516,"version_end_type":495,"fixed_in":9},">= 21677cfc562a27e099719d413287bc8d1d24deb7, \u003C 2e7fd93b9cc565b839bc55a6662475718963e156","2e7fd93b9cc565b839bc55a6662475718963e156",{"version":518,"is_range":491,"range_type":170,"version_start":492,"version_start_type":493,"version_end":519,"version_end_type":495,"fixed_in":9},">= 21677cfc562a27e099719d413287bc8d1d24deb7, \u003C fa0f61cc1d828178aa921475a9b786e7fbb65ccb","fa0f61cc1d828178aa921475a9b786e7fbb65ccb",{"version":521,"is_range":163,"range_type":170,"version_start":521,"version_start_type":493,"version_end":521,"version_end_type":493,"fixed_in":9},"2.6.35"]