{"id":"CVE-2025-21715","summary":"net: davicom: fix UAF in dm9000_drv_remove","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: davicom: fix UAF in dm9000_drv_remove\n\ndm is netdev private data and it cannot be\nused after free_netdev() call. Using dm after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.\n\nThis is similar to the issue fixed in commit\nad297cd2db89 (\"net: qcom/emac: fix UAF in emac_remove\").\n\nThis bug is detected by our static analysis tool.","modified":"2026-04-02T12:45:11.925843Z","published":"2025-02-27T02:07:26.174Z","related":["SUSE-SU-2025:01919-1","SUSE-SU-2025:0847-1","SUSE-SU-2025:0856-1","SUSE-SU-2025:0955-1","SUSE-SU-2025:20190-1","SUSE-SU-2025:20192-1","SUSE-SU-2025:20260-1","SUSE-SU-2025:20270-1","USN-7521-2"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21715.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/19e65c45a1507a1a2926649d2db3583ed9d55fd9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2013c95df6752d9c88221d0f0f37b6f197969390"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5a54367a7c2378c65aaa4d3cfd952f26adef7aa7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7d7d201eb3b766abe590ac0dda7a508b7db3e357"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a53cb72043443ac787ec0b5fa17bb3f8ff3d462b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c411f9a5fdc9158e8f7c57eac961d3df3eb4d8ca"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c94ab07edc2843e2f3d46dbd82e5c681503aaadf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/db79e982c5f9e39ab710cbce55b05f2f5e6f1ca9"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21715.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21715"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d28e783c20033b90a64d4e1307bafb56085d8184"},{"fixed":"db79e982c5f9e39ab710cbce55b05f2f5e6f1ca9"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4fd0654b8f2129b68203974ddee15f804ec011c2"},{"fixed":"a53cb72043443ac787ec0b5fa17bb3f8ff3d462b"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"cf9e60aa69ae6c40d3e3e4c94dd6c8de31674e9b"},{"fixed":"7d7d201eb3b766abe590ac0dda7a508b7db3e357"},{"fixed":"c94ab07edc2843e2f3d46dbd82e5c681503aaadf"},{"fixed":"c411f9a5fdc9158e8f7c57eac961d3df3eb4d8ca"},{"fixed":"5a54367a7c2378c65aaa4d3cfd952f26adef7aa7"},{"fixed":"2013c95df6752d9c88221d0f0f37b6f197969390"},{"fixed":"19e65c45a1507a1a2926649d2db3583ed9d55fd9"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"d182994b2b6e23778b146a230efac8f1d77a3445"},{"last_affected":"427b3fc3d5244fef9c1f910a9c699f2690642f83"},{"last_affected":"9c49181c201d434186ca6b1a7b52e29f4169f6f8"},{"last_affected":"9808f032c4d971cbf2b01411a0a2a8ee0040efe3"},{"last_affected":"a1f308089257616cdb91b4334c5eaa81ae17e387"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21715.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}