[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-39994":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":14,"duplicates":107,"related":108,"reserved_at":9,"published_at":127,"modified_at":128,"state":129,"summary":130,"references_raw":134,"kevs":173,"epss":174,"epss_history":177,"metrics":450,"affected":451},"CVE-2025-39994","In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tuner: xc5000: Fix use-after-free in xc5000_release\n\nThe original code uses cancel_delayed_work() in xc5000_release(), which\ndoes not guarantee that the delayed work item timer_sleep has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere xc5000_release() may free the xc5000_priv while timer_sleep is still\nactive and attempts to dereference the xc5000_priv.\n\nA typical race condition is illustrated below:\n\nCPU 0 (release thread)                 | CPU 1 (delayed work callback)\nxc5000_release()                       | xc5000_do_timer_sleep()\n  cancel_delayed_work()                |\n  hybrid_tuner_release_state(priv)     |\n    kfree(priv)                        |\n                                       |   priv = container_of() // UAF\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the timer_sleep is properly canceled before the xc5000_priv memory\nis deallocated.\n\nA deadlock concern was considered: xc5000_release() is called in a process\ncontext and is not holding any locks that the timer_sleep work item might\nalso need. Therefore, the use of the _sync() variant is safe here.\n\nThis bug was initially identified through static analysis.\n\n[hverkuil: fix typo in Subject: tunner -> tuner]",null,[],[],[],[],[15,17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95,97,99,101,103,105],{"_key":16},"DLA-4379-1",{"_key":18},"DSA-6053-1",{"_key":20},"SUSE-SU-2025:4057-1",{"_key":22},"SUSE-SU-2025:4132-1",{"_key":24},"SUSE-SU-2025:4128-1",{"_key":26},"SUSE-SU-2025:4301-1",{"_key":28},"OPENSUSE-SU-2026:10301-1",{"_key":30},"SUSE-SU-2025:21040-1",{"_key":32},"SUSE-SU-2025:21052-1",{"_key":34},"SUSE-SU-2025:21056-1",{"_key":36},"SUSE-SU-2025:21064-1",{"_key":38},"SUSE-SU-2025:21080-1",{"_key":40},"SUSE-SU-2025:21147-1",{"_key":42},"SUSE-SU-2025:21180-1",{"_key":44},"SUSE-SU-2025:4141-1",{"_key":46},"SUSE-SU-2025:4140-1",{"_key":48},"OPENSUSE-SU-2025:15671-1",{"_key":50},"OPENSUSE-SU-2025:20091-1",{"_key":52},"MGASA-2025-0309",{"_key":54},"MGASA-2025-0310",{"_key":56},"USN-8033-1",{"_key":58},"USN-8033-2",{"_key":60},"USN-8033-3",{"_key":62},"USN-8033-4",{"_key":64},"USN-8033-5",{"_key":66},"USN-8033-6",{"_key":68},"USN-8033-7",{"_key":70},"USN-8033-8",{"_key":72},"USN-8034-1",{"_key":74},"USN-8034-2",{"_key":76},"DEBIAN-CVE-2025-39994",{"_key":78},"USN-8095-1",{"_key":80},"USN-8095-2",{"_key":82},"USN-8095-3",{"_key":84},"USN-8095-4",{"_key":86},"USN-8095-5",{"_key":88},"USN-8100-1",{"_key":90},"USN-8125-1",{"_key":92},"USN-8165-1",{"_key":94},"USN-8141-1",{"_key":96},"USN-8163-1",{"_key":98},"USN-8163-2",{"_key":100},"USN-8126-1",{"_key":102},"USN-8243-1",{"_key":104},"UBUNTU-CVE-2025-39994",{"_key":106},"USN-8261-1",[],[109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126],{"_key":20},{"_key":22},{"_key":24},{"_key":26},{"_key":28},{"_key":30},{"_key":32},{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},{"_key":46},{"_key":48},{"_key":50},{"_key":52},{"_key":54},"2025-10-15T07:58:19.503Z","2026-05-11T21:40:25.166Z","Deferred",{"cisa_kev":131,"cisa_ransomware":131,"cisa_vendor":9,"epss_severity":132,"epss_score":133,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":129},false,"low",0.00097,[135,141,145,149,153,157,161,165,169],{"url":136,"sources":137,"tags":140},"https://git.kernel.org/stable/c/bc4ffd962ce16a154c44c68853b9d93f5b6fc4b8",[138,139],"cve.org","nvd",[],{"url":142,"sources":143,"tags":144},"https://git.kernel.org/stable/c/e2f5eaafc0306a76fb1cb760aae804b065b8a341",[138,139],[],{"url":146,"sources":147,"tags":148},"https://git.kernel.org/stable/c/3f876cd47ed8bca1e28d68435845949f51f90703",[138,139],[],{"url":150,"sources":151,"tags":152},"https://git.kernel.org/stable/c/df0303b4839520b84d9367c2fad65b13650a4d42",[138,139],[],{"url":154,"sources":155,"tags":156},"https://git.kernel.org/stable/c/71ed8b81a4906cb785966910f39cf7f5ad60a69e",[138,139],[],{"url":158,"sources":159,"tags":160},"https://git.kernel.org/stable/c/effb1c19583bca7022fa641a70766de45c6d41ac",[138,139],[],{"url":162,"sources":163,"tags":164},"https://git.kernel.org/stable/c/9a00de20ed8ba90888479749b87bc1532cded4ce",[138,139],[],{"url":166,"sources":167,"tags":168},"https://git.kernel.org/stable/c/4266f012806fc18e46da4a04d130df59a4946f93",[138,139],[],{"url":170,"sources":171,"tags":172},"https://git.kernel.org/stable/c/40b7a19f321e65789612ebaca966472055dab48c",[138,139],[],[],{"date":175,"score":133,"percentile":176},"2026-06-04",0.26782,[178,182,185,188,191,194,197,200,203,206,209,212,215,219,222,226,229,232,235,238,241,244,247,250,253,256,259,262,265,268,271,274,277,280,283,286,290,293,296,299,302,305,308,311,314,317,320,323,326,330,333,336,339,342,345,348,351,354,357,360,363,366,369,372,375,378,381,384,387,390,393,396,399,401,404,406,409,412,415,418,421,424,427,430,433,436,439,442,444,447],{"date":179,"score":180,"percentile":181},"2025-11-04",0.00043,0.12866,{"date":183,"score":180,"percentile":184},"2025-11-05",0.12891,{"date":186,"score":180,"percentile":187},"2025-11-06",0.1298,{"date":189,"score":180,"percentile":190},"2025-11-07",0.12993,{"date":192,"score":180,"percentile":193},"2025-11-08",0.12994,{"date":195,"score":180,"percentile":196},"2025-11-09",0.12968,{"date":198,"score":180,"percentile":199},"2025-11-10",0.12928,{"date":201,"score":180,"percentile":202},"2025-11-11",0.12942,{"date":204,"score":180,"percentile":205},"2025-11-12",0.12916,{"date":207,"score":180,"percentile":208},"2025-11-13",0.12934,{"date":210,"score":180,"percentile":211},"2025-11-14",0.12946,{"date":213,"score":180,"percentile":214},"2025-11-15",0.12939,{"date":216,"score":217,"percentile":218},"2025-11-16",0.00047,0.14407,{"date":220,"score":217,"percentile":221},"2025-11-17",0.14369,{"date":223,"score":224,"percentile":225},"2025-11-18",0.00082,0.20174,{"date":227,"score":224,"percentile":228},"2025-11-19",0.20184,{"date":230,"score":224,"percentile":231},"2025-11-20",0.20158,{"date":233,"score":224,"percentile":234},"2025-11-21",0.2448,{"date":236,"score":224,"percentile":237},"2025-11-22",0.24478,{"date":239,"score":224,"percentile":240},"2025-11-23",0.24428,{"date":242,"score":224,"percentile":243},"2025-11-24",0.24397,{"date":245,"score":224,"percentile":246},"2025-11-25",0.24386,{"date":248,"score":224,"percentile":249},"2025-11-26",0.24375,{"date":251,"score":224,"percentile":252},"2025-11-27",0.24372,{"date":254,"score":224,"percentile":255},"2025-11-28",0.24348,{"date":257,"score":224,"percentile":258},"2025-11-29",0.24334,{"date":260,"score":224,"percentile":261},"2025-11-30",0.24309,{"date":263,"score":224,"percentile":264},"2025-12-01",0.24354,{"date":266,"score":224,"percentile":267},"2025-12-02",0.24373,{"date":269,"score":224,"percentile":270},"2025-12-03",0.24384,{"date":272,"score":224,"percentile":273},"2025-12-04",0.24312,{"date":275,"score":224,"percentile":276},"2025-12-05",0.24361,{"date":278,"score":224,"percentile":279},"2025-12-06",0.24359,{"date":281,"score":224,"percentile":282},"2025-12-07",0.24323,{"date":284,"score":224,"percentile":285},"2025-12-08",0.24329,{"date":287,"score":288,"percentile":289},"2025-12-09",0.00068,0.21063,{"date":291,"score":288,"percentile":292},"2025-12-10",0.2114,{"date":294,"score":288,"percentile":295},"2025-12-11",0.21182,{"date":297,"score":288,"percentile":298},"2025-12-12",0.21196,{"date":300,"score":288,"percentile":301},"2025-12-13",0.21198,{"date":303,"score":288,"percentile":304},"2025-12-14",0.21166,{"date":306,"score":288,"percentile":307},"2025-12-15",0.21144,{"date":309,"score":288,"percentile":310},"2025-12-16",0.2117,{"date":312,"score":288,"percentile":313},"2025-12-17",0.21244,{"date":315,"score":288,"percentile":316},"2025-12-18",0.21327,{"date":318,"score":288,"percentile":319},"2025-12-19",0.21345,{"date":321,"score":288,"percentile":322},"2025-12-20",0.21322,{"date":324,"score":288,"percentile":325},"2025-12-21",0.21271,{"date":327,"score":328,"percentile":329},"2025-12-22",0.00071,0.22069,{"date":331,"score":328,"percentile":332},"2025-12-23",0.22066,{"date":334,"score":328,"percentile":335},"2025-12-24",0.22084,{"date":337,"score":328,"percentile":338},"2025-12-25",0.22166,{"date":340,"score":328,"percentile":341},"2025-12-26",0.22151,{"date":343,"score":328,"percentile":344},"2025-12-27",0.22162,{"date":346,"score":328,"percentile":347},"2025-12-28",0.22116,{"date":349,"score":328,"percentile":350},"2025-12-29",0.22082,{"date":352,"score":328,"percentile":353},"2025-12-30",0.22063,{"date":355,"score":328,"percentile":356},"2025-12-31",0.22119,{"date":358,"score":328,"percentile":359},"2026-01-01",0.22214,{"date":361,"score":328,"percentile":362},"2026-01-02",0.2221,{"date":364,"score":328,"percentile":365},"2026-01-03",0.22194,{"date":367,"score":328,"percentile":368},"2026-01-04",0.22094,{"date":370,"score":328,"percentile":371},"2026-01-05",0.22088,{"date":373,"score":328,"percentile":374},"2026-01-06",0.22102,{"date":376,"score":328,"percentile":377},"2026-01-07",0.22141,{"date":379,"score":328,"percentile":380},"2026-01-08",0.22195,{"date":382,"score":328,"percentile":383},"2026-01-09",0.22185,{"date":385,"score":328,"percentile":386},"2026-01-10",0.22179,{"date":388,"score":328,"percentile":389},"2026-01-11",0.22145,{"date":391,"score":328,"percentile":392},"2026-01-12",0.22112,{"date":394,"score":328,"percentile":395},"2026-01-13",0.2209,{"date":397,"score":328,"percentile":398},"2026-01-14",0.22154,{"date":400,"score":328,"percentile":341},"2026-01-15",{"date":402,"score":328,"percentile":403},"2026-01-16",0.22176,{"date":405,"score":328,"percentile":403},"2026-01-17",{"date":407,"score":328,"percentile":408},"2026-01-18",0.22123,{"date":410,"score":328,"percentile":411},"2026-01-19",0.22075,{"date":413,"score":328,"percentile":414},"2026-01-20",0.22047,{"date":416,"score":328,"percentile":417},"2026-01-21",0.22004,{"date":419,"score":328,"percentile":420},"2026-01-22",0.21986,{"date":422,"score":328,"percentile":423},"2026-01-23",0.22074,{"date":425,"score":328,"percentile":426},"2026-01-24",0.22091,{"date":428,"score":328,"percentile":429},"2026-01-25",0.22015,{"date":431,"score":328,"percentile":432},"2026-01-26",0.21905,{"date":434,"score":328,"percentile":435},"2026-01-27",0.21892,{"date":437,"score":328,"percentile":438},"2026-01-28",0.21898,{"date":440,"score":328,"percentile":441},"2026-01-29",0.21851,{"date":443,"score":328,"percentile":441},"2026-01-30",{"date":445,"score":328,"percentile":446},"2026-01-31",0.21859,{"date":448,"score":328,"percentile":449},"2026-02-01",0.219,[],[452],{"ecosystem":9,"name":453,"vendor":454,"product":454,"cpe_part":455,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":456},"Linux","linux","a",[457,464,467,470,473,476,479,482,485,488],{"version":458,"is_range":459,"range_type":138,"version_start":460,"version_start_type":461,"version_end":462,"version_end_type":463,"fixed_in":9},">= f7a27ff1fb77e114d1059a5eb2ed1cffdc508ce8, \u003C bc4ffd962ce16a154c44c68853b9d93f5b6fc4b8",true,"f7a27ff1fb77e114d1059a5eb2ed1cffdc508ce8","including","bc4ffd962ce16a154c44c68853b9d93f5b6fc4b8","excluding",{"version":465,"is_range":459,"range_type":138,"version_start":460,"version_start_type":461,"version_end":466,"version_end_type":463,"fixed_in":9},">= f7a27ff1fb77e114d1059a5eb2ed1cffdc508ce8, \u003C e2f5eaafc0306a76fb1cb760aae804b065b8a341","e2f5eaafc0306a76fb1cb760aae804b065b8a341",{"version":468,"is_range":459,"range_type":138,"version_start":460,"version_start_type":461,"version_end":469,"version_end_type":463,"fixed_in":9},">= f7a27ff1fb77e114d1059a5eb2ed1cffdc508ce8, \u003C 3f876cd47ed8bca1e28d68435845949f51f90703","3f876cd47ed8bca1e28d68435845949f51f90703",{"version":471,"is_range":459,"range_type":138,"version_start":460,"version_start_type":461,"version_end":472,"version_end_type":463,"fixed_in":9},">= f7a27ff1fb77e114d1059a5eb2ed1cffdc508ce8, \u003C df0303b4839520b84d9367c2fad65b13650a4d42","df0303b4839520b84d9367c2fad65b13650a4d42",{"version":474,"is_range":459,"range_type":138,"version_start":460,"version_start_type":461,"version_end":475,"version_end_type":463,"fixed_in":9},">= f7a27ff1fb77e114d1059a5eb2ed1cffdc508ce8, \u003C 71ed8b81a4906cb785966910f39cf7f5ad60a69e","71ed8b81a4906cb785966910f39cf7f5ad60a69e",{"version":477,"is_range":459,"range_type":138,"version_start":460,"version_start_type":461,"version_end":478,"version_end_type":463,"fixed_in":9},">= f7a27ff1fb77e114d1059a5eb2ed1cffdc508ce8, \u003C effb1c19583bca7022fa641a70766de45c6d41ac","effb1c19583bca7022fa641a70766de45c6d41ac",{"version":480,"is_range":459,"range_type":138,"version_start":460,"version_start_type":461,"version_end":481,"version_end_type":463,"fixed_in":9},">= f7a27ff1fb77e114d1059a5eb2ed1cffdc508ce8, \u003C 9a00de20ed8ba90888479749b87bc1532cded4ce","9a00de20ed8ba90888479749b87bc1532cded4ce",{"version":483,"is_range":459,"range_type":138,"version_start":460,"version_start_type":461,"version_end":484,"version_end_type":463,"fixed_in":9},">= f7a27ff1fb77e114d1059a5eb2ed1cffdc508ce8, \u003C 4266f012806fc18e46da4a04d130df59a4946f93","4266f012806fc18e46da4a04d130df59a4946f93",{"version":486,"is_range":459,"range_type":138,"version_start":460,"version_start_type":461,"version_end":487,"version_end_type":463,"fixed_in":9},">= f7a27ff1fb77e114d1059a5eb2ed1cffdc508ce8, \u003C 40b7a19f321e65789612ebaca966472055dab48c","40b7a19f321e65789612ebaca966472055dab48c",{"version":489,"is_range":131,"range_type":138,"version_start":489,"version_start_type":461,"version_end":489,"version_end_type":461,"fixed_in":9},"3.16"]