Use After Free Affecting perf package, versions *
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-RHEL10-PERF-12628053
- published12 Sept 2025
- disclosed11 Sept 2025
Introduced: 11 Sep 2025
NewCVE-2025-39783 (opens in a new tab)How to fix?
There is no fixed version for RHEL:10 perf.
NVD Description
Note: Versions mentioned in the description apply only to the upstream perf package and not the perf package as distributed by RHEL.
See How to fix? for RHEL:10 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: Fix configfs group list head handling
Doing a list_del() on the epf_group field of struct pci_epf_driver in pci_epf_remove_cfs() is not correct as this field is a list head, not a list entry. This list_del() call triggers a KASAN warning when an endpoint function driver which has a configfs attribute group is torn down:
================================================================== BUG: KASAN: slab-use-after-free in pci_epf_remove_cfs+0x17c/0x198 Write of size 8 at addr ffff00010f4a0d80 by task rmmod/319
CPU: 3 UID: 0 PID: 319 Comm: rmmod Not tainted 6.16.0-rc2 #1 NONE Hardware name: Radxa ROCK 5B (DT) Call trace: show_stack+0x2c/0x84 (C) dump_stack_lvl+0x70/0x98 print_report+0x17c/0x538 kasan_report+0xb8/0x190 __asan_report_store8_noabort+0x20/0x2c pci_epf_remove_cfs+0x17c/0x198 pci_epf_unregister_driver+0x18/0x30 nvmet_pci_epf_cleanup_module+0x24/0x30 [nvmet_pci_epf] __arm64_sys_delete_module+0x264/0x424 invoke_syscall+0x70/0x260 el0_svc_common.constprop.0+0xac/0x230 do_el0_svc+0x40/0x58 el0_svc+0x48/0xdc el0t_64_sync_handler+0x10c/0x138 el0t_64_sync+0x198/0x19c ...
Remove this incorrect list_del() call from pci_epf_remove_cfs().
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2394612
- https://access.redhat.com/security/cve/CVE-2025-39783
- https://git.kernel.org/stable/c/0758862386f114d9ab1e23181461bd1e2e9ec4c6
- https://git.kernel.org/stable/c/409af8b9f7b4f23cd0464e71c6cd6fe13c076ae2
- https://git.kernel.org/stable/c/6cf65505523224cab1449d726d2ce8180c2941ee
- https://git.kernel.org/stable/c/80ea6e6904fb2ba4ccb5d909579988466ec65358
- https://git.kernel.org/stable/c/a302bd89db35d8b7e279de4d2b41c16c7f191069
- https://git.kernel.org/stable/c/d5aecddc3452371d9da82cdbb0c715812524b54b
- https://git.kernel.org/stable/c/d79123d79a8154b4318529b7b2ff7e15806f480b
- https://git.kernel.org/stable/c/dc4ffbd571716ff3b171418fb03abe80e720a7b1