[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-39995":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":14,"duplicates":107,"related":108,"reserved_at":9,"published_at":127,"modified_at":128,"state":129,"summary":130,"references_raw":134,"kevs":173,"epss":174,"epss_history":177,"metrics":450,"affected":451},"CVE-2025-39995","In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe\n\nThe state->timer is a cyclic timer that schedules work_i2c_poll and\ndelayed_work_enable_hotplug, while rearming itself. Using timer_delete()\nfails to guarantee the timer isn't still running when destroyed, similarly\ncancel_delayed_work() cannot ensure delayed_work_enable_hotplug has\nterminated if already executing. During probe failure after timer\ninitialization, these may continue running as orphans and reference the\nalready-freed tc358743_state object through tc358743_irq_poll_timer.\n\nThe following is the trace captured by KASAN.\n\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff88800ded83c8 by task swapper/1/0\n...\nCall Trace:\n \u003CIRQ>\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __pfx_sched_balance_find_src_group+0x10/0x10\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? rcu_sched_clock_irq+0xb06/0x27d0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? try_to_wake_up+0xb15/0x1960\n ? tmigr_update_events+0x280/0x740\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n tmigr_handle_remote_up+0x603/0x7e0\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n ? sched_balance_trigger+0x98/0x9f0\n ? sched_tick+0x221/0x5a0\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n ? tick_nohz_handler+0x339/0x440\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n __walk_groups.isra.0+0x42/0x150\n tmigr_handle_remote+0x1f4/0x2e0\n ? __pfx_tmigr_handle_remote+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n ? hrtimer_interrupt+0x322/0x780\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003C/IRQ>\n...\n\nAllocated by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_node_track_caller_noprof+0x198/0x430\n devm_kmalloc+0x7b/0x1e0\n tc358743_probe+0xb7/0x610  i2c_device_probe+0x51d/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n release_nodes+0xa4/0x100\n devres_release_group+0x1b2/0x380\n i2c_device_probe+0x694/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace timer_delete() with timer_delete_sync() and cancel_delayed_work()\nwith cancel_delayed_work_sync() to ensure proper termination of timer and\nwork items before resource cleanup.\n\nThis bug was initially identified through static analysis. For reproduction\nand testing, I created a functional emulation of the tc358743 device via a\nkernel module and introduced faults through the debugfs interface.",null,[],[],[],[],[15,17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95,97,99,101,103,105],{"_key":16},"DLA-4379-1",{"_key":18},"DSA-6053-1",{"_key":20},"SUSE-SU-2025:4057-1",{"_key":22},"SUSE-SU-2025:4132-1",{"_key":24},"SUSE-SU-2025:4128-1",{"_key":26},"SUSE-SU-2025:4301-1",{"_key":28},"OPENSUSE-SU-2026:10301-1",{"_key":30},"SUSE-SU-2025:21040-1",{"_key":32},"SUSE-SU-2025:21052-1",{"_key":34},"SUSE-SU-2025:21056-1",{"_key":36},"SUSE-SU-2025:21064-1",{"_key":38},"SUSE-SU-2025:21080-1",{"_key":40},"SUSE-SU-2025:21147-1",{"_key":42},"SUSE-SU-2025:21180-1",{"_key":44},"SUSE-SU-2025:4141-1",{"_key":46},"SUSE-SU-2025:4140-1",{"_key":48},"OPENSUSE-SU-2025:15671-1",{"_key":50},"OPENSUSE-SU-2025:20091-1",{"_key":52},"MGASA-2025-0309",{"_key":54},"MGASA-2025-0310",{"_key":56},"USN-8033-1",{"_key":58},"USN-8033-2",{"_key":60},"USN-8033-3",{"_key":62},"USN-8033-4",{"_key":64},"USN-8033-5",{"_key":66},"USN-8033-6",{"_key":68},"USN-8033-7",{"_key":70},"USN-8033-8",{"_key":72},"USN-8034-1",{"_key":74},"USN-8034-2",{"_key":76},"DEBIAN-CVE-2025-39995",{"_key":78},"USN-8095-1",{"_key":80},"USN-8095-2",{"_key":82},"USN-8095-3",{"_key":84},"USN-8095-4",{"_key":86},"USN-8095-5",{"_key":88},"USN-8100-1",{"_key":90},"USN-8125-1",{"_key":92},"USN-8165-1",{"_key":94},"USN-8141-1",{"_key":96},"USN-8163-1",{"_key":98},"USN-8163-2",{"_key":100},"USN-8126-1",{"_key":102},"USN-8243-1",{"_key":104},"UBUNTU-CVE-2025-39995",{"_key":106},"USN-8261-1",[],[109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126],{"_key":20},{"_key":22},{"_key":24},{"_key":26},{"_key":28},{"_key":30},{"_key":32},{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},{"_key":46},{"_key":48},{"_key":50},{"_key":52},{"_key":54},"2025-10-15T07:58:20.365Z","2026-05-11T21:40:26.312Z","Deferred",{"cisa_kev":131,"cisa_ransomware":131,"cisa_vendor":9,"epss_severity":132,"epss_score":133,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":129},false,"low",0.00097,[135,141,145,149,153,157,161,165,169],{"url":136,"sources":137,"tags":140},"https://git.kernel.org/stable/c/9205fb6e617a1c596d9a9ad2a160ee696e09d520",[138,139],"cve.org","nvd",[],{"url":142,"sources":143,"tags":144},"https://git.kernel.org/stable/c/70913586c717dd25cfbade7a418e92cc9c99398a",[138,139],[],{"url":146,"sources":147,"tags":148},"https://git.kernel.org/stable/c/663faf1179db9663a3793c75e9bc869358bad910",[138,139],[],{"url":150,"sources":151,"tags":152},"https://git.kernel.org/stable/c/3d17701c156579969470e58b3a906511f8bc018d",[138,139],[],{"url":154,"sources":155,"tags":156},"https://git.kernel.org/stable/c/228d06c4cbfc750f1216a3fd91b4693b0766d2f6",[138,139],[],{"url":158,"sources":159,"tags":160},"https://git.kernel.org/stable/c/f92181c0e13cad9671d07b15be695a97fc2534a3",[138,139],[],{"url":162,"sources":163,"tags":164},"https://git.kernel.org/stable/c/f3f3f00bcabbd2ce0a77a2ac7a6797b8646bfd8b",[138,139],[],{"url":166,"sources":167,"tags":168},"https://git.kernel.org/stable/c/2610617effb4454d2f1c434c011ccb5cc7140711",[138,139],[],{"url":170,"sources":171,"tags":172},"https://git.kernel.org/stable/c/79d10f4f21a92e459b2276a77be62c59c1502c9d",[138,139],[],[],{"date":175,"score":133,"percentile":176},"2026-06-04",0.26782,[178,182,185,188,191,194,197,200,203,206,209,212,215,219,222,225,229,232,235,238,241,244,247,250,253,256,259,262,265,268,271,274,277,280,283,286,290,293,296,299,302,305,308,311,314,317,320,323,326,330,333,336,339,342,345,348,351,354,357,360,363,366,369,372,375,378,381,384,387,390,393,396,399,401,404,406,409,412,415,418,421,424,427,430,433,436,439,442,444,447],{"date":179,"score":180,"percentile":181},"2025-11-04",0.00043,0.12866,{"date":183,"score":180,"percentile":184},"2025-11-05",0.12891,{"date":186,"score":180,"percentile":187},"2025-11-06",0.1298,{"date":189,"score":180,"percentile":190},"2025-11-07",0.12993,{"date":192,"score":180,"percentile":193},"2025-11-08",0.12994,{"date":195,"score":180,"percentile":196},"2025-11-09",0.12968,{"date":198,"score":180,"percentile":199},"2025-11-10",0.12928,{"date":201,"score":180,"percentile":202},"2025-11-11",0.12942,{"date":204,"score":180,"percentile":205},"2025-11-12",0.12916,{"date":207,"score":180,"percentile":208},"2025-11-13",0.12934,{"date":210,"score":180,"percentile":211},"2025-11-14",0.12946,{"date":213,"score":180,"percentile":214},"2025-11-15",0.12939,{"date":216,"score":217,"percentile":218},"2025-11-16",0.00047,0.14407,{"date":220,"score":217,"percentile":221},"2025-11-17",0.14369,{"date":223,"score":217,"percentile":224},"2025-11-18",0.09828,{"date":226,"score":227,"percentile":228},"2025-11-19",0.00082,0.20184,{"date":230,"score":227,"percentile":231},"2025-11-20",0.20158,{"date":233,"score":227,"percentile":234},"2025-11-21",0.2448,{"date":236,"score":227,"percentile":237},"2025-11-22",0.24478,{"date":239,"score":227,"percentile":240},"2025-11-23",0.24428,{"date":242,"score":227,"percentile":243},"2025-11-24",0.24397,{"date":245,"score":227,"percentile":246},"2025-11-25",0.24386,{"date":248,"score":227,"percentile":249},"2025-11-26",0.24375,{"date":251,"score":227,"percentile":252},"2025-11-27",0.24372,{"date":254,"score":227,"percentile":255},"2025-11-28",0.24348,{"date":257,"score":227,"percentile":258},"2025-11-29",0.24334,{"date":260,"score":227,"percentile":261},"2025-11-30",0.24309,{"date":263,"score":227,"percentile":264},"2025-12-01",0.24354,{"date":266,"score":227,"percentile":267},"2025-12-02",0.24373,{"date":269,"score":227,"percentile":270},"2025-12-03",0.24384,{"date":272,"score":227,"percentile":273},"2025-12-04",0.24312,{"date":275,"score":227,"percentile":276},"2025-12-05",0.24361,{"date":278,"score":227,"percentile":279},"2025-12-06",0.24359,{"date":281,"score":227,"percentile":282},"2025-12-07",0.24323,{"date":284,"score":227,"percentile":285},"2025-12-08",0.24329,{"date":287,"score":288,"percentile":289},"2025-12-09",0.00068,0.21063,{"date":291,"score":288,"percentile":292},"2025-12-10",0.2114,{"date":294,"score":288,"percentile":295},"2025-12-11",0.21182,{"date":297,"score":288,"percentile":298},"2025-12-12",0.21196,{"date":300,"score":288,"percentile":301},"2025-12-13",0.21198,{"date":303,"score":288,"percentile":304},"2025-12-14",0.21166,{"date":306,"score":288,"percentile":307},"2025-12-15",0.21144,{"date":309,"score":288,"percentile":310},"2025-12-16",0.2117,{"date":312,"score":288,"percentile":313},"2025-12-17",0.21244,{"date":315,"score":288,"percentile":316},"2025-12-18",0.21327,{"date":318,"score":288,"percentile":319},"2025-12-19",0.21345,{"date":321,"score":288,"percentile":322},"2025-12-20",0.21322,{"date":324,"score":288,"percentile":325},"2025-12-21",0.21271,{"date":327,"score":328,"percentile":329},"2025-12-22",0.00071,0.22069,{"date":331,"score":328,"percentile":332},"2025-12-23",0.22066,{"date":334,"score":328,"percentile":335},"2025-12-24",0.22084,{"date":337,"score":328,"percentile":338},"2025-12-25",0.22166,{"date":340,"score":328,"percentile":341},"2025-12-26",0.22151,{"date":343,"score":328,"percentile":344},"2025-12-27",0.22162,{"date":346,"score":328,"percentile":347},"2025-12-28",0.22116,{"date":349,"score":328,"percentile":350},"2025-12-29",0.22082,{"date":352,"score":328,"percentile":353},"2025-12-30",0.22063,{"date":355,"score":328,"percentile":356},"2025-12-31",0.22119,{"date":358,"score":328,"percentile":359},"2026-01-01",0.22214,{"date":361,"score":328,"percentile":362},"2026-01-02",0.2221,{"date":364,"score":328,"percentile":365},"2026-01-03",0.22194,{"date":367,"score":328,"percentile":368},"2026-01-04",0.22094,{"date":370,"score":328,"percentile":371},"2026-01-05",0.22088,{"date":373,"score":328,"percentile":374},"2026-01-06",0.22102,{"date":376,"score":328,"percentile":377},"2026-01-07",0.22141,{"date":379,"score":328,"percentile":380},"2026-01-08",0.22195,{"date":382,"score":328,"percentile":383},"2026-01-09",0.22185,{"date":385,"score":328,"percentile":386},"2026-01-10",0.22179,{"date":388,"score":328,"percentile":389},"2026-01-11",0.22145,{"date":391,"score":328,"percentile":392},"2026-01-12",0.22112,{"date":394,"score":328,"percentile":395},"2026-01-13",0.2209,{"date":397,"score":328,"percentile":398},"2026-01-14",0.22154,{"date":400,"score":328,"percentile":341},"2026-01-15",{"date":402,"score":328,"percentile":403},"2026-01-16",0.22176,{"date":405,"score":328,"percentile":403},"2026-01-17",{"date":407,"score":328,"percentile":408},"2026-01-18",0.22123,{"date":410,"score":328,"percentile":411},"2026-01-19",0.22075,{"date":413,"score":328,"percentile":414},"2026-01-20",0.22047,{"date":416,"score":328,"percentile":417},"2026-01-21",0.22004,{"date":419,"score":328,"percentile":420},"2026-01-22",0.21986,{"date":422,"score":328,"percentile":423},"2026-01-23",0.22074,{"date":425,"score":328,"percentile":426},"2026-01-24",0.22091,{"date":428,"score":328,"percentile":429},"2026-01-25",0.22015,{"date":431,"score":328,"percentile":432},"2026-01-26",0.21905,{"date":434,"score":328,"percentile":435},"2026-01-27",0.21892,{"date":437,"score":328,"percentile":438},"2026-01-28",0.21898,{"date":440,"score":328,"percentile":441},"2026-01-29",0.21851,{"date":443,"score":328,"percentile":441},"2026-01-30",{"date":445,"score":328,"percentile":446},"2026-01-31",0.21859,{"date":448,"score":328,"percentile":449},"2026-02-01",0.219,[],[452],{"ecosystem":9,"name":453,"vendor":454,"product":454,"cpe_part":455,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":456},"Linux","linux","a",[457,464,467,470,473,476,479,482,485,488],{"version":458,"is_range":459,"range_type":138,"version_start":460,"version_start_type":461,"version_end":462,"version_end_type":463,"fixed_in":9},">= d32d98642de66048f9534a05f3641558e811bbc9, \u003C 9205fb6e617a1c596d9a9ad2a160ee696e09d520",true,"d32d98642de66048f9534a05f3641558e811bbc9","including","9205fb6e617a1c596d9a9ad2a160ee696e09d520","excluding",{"version":465,"is_range":459,"range_type":138,"version_start":460,"version_start_type":461,"version_end":466,"version_end_type":463,"fixed_in":9},">= d32d98642de66048f9534a05f3641558e811bbc9, \u003C 70913586c717dd25cfbade7a418e92cc9c99398a","70913586c717dd25cfbade7a418e92cc9c99398a",{"version":468,"is_range":459,"range_type":138,"version_start":460,"version_start_type":461,"version_end":469,"version_end_type":463,"fixed_in":9},">= d32d98642de66048f9534a05f3641558e811bbc9, \u003C 663faf1179db9663a3793c75e9bc869358bad910","663faf1179db9663a3793c75e9bc869358bad910",{"version":471,"is_range":459,"range_type":138,"version_start":460,"version_start_type":461,"version_end":472,"version_end_type":463,"fixed_in":9},">= d32d98642de66048f9534a05f3641558e811bbc9, \u003C 3d17701c156579969470e58b3a906511f8bc018d","3d17701c156579969470e58b3a906511f8bc018d",{"version":474,"is_range":459,"range_type":138,"version_start":460,"version_start_type":461,"version_end":475,"version_end_type":463,"fixed_in":9},">= d32d98642de66048f9534a05f3641558e811bbc9, \u003C 228d06c4cbfc750f1216a3fd91b4693b0766d2f6","228d06c4cbfc750f1216a3fd91b4693b0766d2f6",{"version":477,"is_range":459,"range_type":138,"version_start":460,"version_start_type":461,"version_end":478,"version_end_type":463,"fixed_in":9},">= d32d98642de66048f9534a05f3641558e811bbc9, \u003C f92181c0e13cad9671d07b15be695a97fc2534a3","f92181c0e13cad9671d07b15be695a97fc2534a3",{"version":480,"is_range":459,"range_type":138,"version_start":460,"version_start_type":461,"version_end":481,"version_end_type":463,"fixed_in":9},">= d32d98642de66048f9534a05f3641558e811bbc9, \u003C f3f3f00bcabbd2ce0a77a2ac7a6797b8646bfd8b","f3f3f00bcabbd2ce0a77a2ac7a6797b8646bfd8b",{"version":483,"is_range":459,"range_type":138,"version_start":460,"version_start_type":461,"version_end":484,"version_end_type":463,"fixed_in":9},">= d32d98642de66048f9534a05f3641558e811bbc9, \u003C 2610617effb4454d2f1c434c011ccb5cc7140711","2610617effb4454d2f1c434c011ccb5cc7140711",{"version":486,"is_range":459,"range_type":138,"version_start":460,"version_start_type":461,"version_end":487,"version_end_type":463,"fixed_in":9},">= d32d98642de66048f9534a05f3641558e811bbc9, \u003C 79d10f4f21a92e459b2276a77be62c59c1502c9d","79d10f4f21a92e459b2276a77be62c59c1502c9d",{"version":489,"is_range":131,"range_type":138,"version_start":489,"version_start_type":461,"version_end":489,"version_end_type":461,"fixed_in":9},"4.3"]