cve 2025 39925

About this tag
CVE-2025-39925 is a Linux kernel vulnerability in the CAN J1939 protocol stack, where a missing NETDEV_UNREGISTER notification handler causes a race condition and reference-counting bug. This can leave a virtual CAN device with an elevated usage count, blocking unregister_netdevice from completing. Microsoft's Security Response Center has confirmed that Azure Linux includes the affected component and is potentially vulnerable, with plans to update the CVE entry if other Microsoft products are affected. The tag covers discussions about the technical details of the fix, the impact on Azure Linux, and broader implications for systems using the CAN J1939 protocol.
  1. CVE-2025-39925: Linux CAN J1939 race fix and Azure Linux attestation

    The Linux kernel fix tracked as CVE‑2025‑39925 addresses a race/reference-counting bug in the CAN J1939 protocol stack: the subsystem lacked a NETDEV_UNREGISTER notification handler to undo an extra reference held by j1939_sk_bind, which could leave a virtual CAN device (for example vcan0) stuck...