CVE-2025-39925 The advisory has been revoked - it doesn't affect any version of package libperf (opens in a new tab)
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-ALMALINUX10-LIBPERF-14374995
- published11 Dec 2025
- disclosed8 Dec 2025
Introduced: 8 Dec 2025
CVE-2025-39925 (opens in a new tab)Amendment
The AlmaLinux security team deemed this advisory irrelevant for AlmaLinux:10.
NVD Description
Note: Versions mentioned in the description apply only to the upstream libperf package and not the libperf package as distributed by AlmaLinux.
In the Linux kernel, the following vulnerability has been resolved:
can: j1939: implement NETDEV_UNREGISTER notification handler
syzbot is reporting
unregister_netdevice: waiting for vcan0 to become free. Usage count = 2
problem, for j1939 protocol did not have NETDEV_UNREGISTER notification handler for undoing changes made by j1939_sk_bind().
Commit 25fe97cb7620 ("can: j1939: move j1939_priv_put() into sk_destruct callback") expects that a call to j1939_priv_put() can be unconditionally delayed until j1939_sk_sock_destruct() is called. But we need to call j1939_priv_put() against an extra ref held by j1939_sk_bind() call (as a part of undoing changes made by j1939_sk_bind()) as soon as NETDEV_UNREGISTER notification fires (i.e. before j1939_sk_sock_destruct() is called via j1939_sk_release()). Otherwise, the extra ref on "struct j1939_priv" held by j1939_sk_bind() call prevents "struct net_device" from dropping the usage count to 1; making it impossible for unregister_netdevice() to continue.
[mkl: remove space in front of label]
References
- https://errata.almalinux.org/10/ALSA-2025-22854.html
- https://errata.almalinux.org/9/ALSA-2025-22865.html
- https://access.redhat.com/security/cve/CVE-2025-39925
- https://access.redhat.com/errata/RHSA-2025:22854
- https://access.redhat.com/errata/RHSA-2025:22865
- https://git.kernel.org/stable/c/7fcbe5b2c6a4b5407bf2241fdb71e0a390f6ab9a
- https://git.kernel.org/stable/c/da9e8f429139928570407e8f90559b5d46c20262