CVE-2025-39863 wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work

🗓️ 19 Sep 2025 15:26:33Reported by LinuxType

Fix use-after-free in brcmfmac wifi btcoex work reschedule due to detach timer race.

Reporter	Title	Published	Views	Family All 163
AstraLinux	Astra Linux - уязвимость в linux-6.12	1 Nov 202510:54	–	astralinux
CBLMariner	CVE-2025-39863 affecting package kernel for versions less than 6.6.112.1-1	14 Nov 202522:03	–	cbl_mariner
Circl	CVE-2025-39863	3 Dec 202514:14	–	circl
CloudLinux	kernel: Fix of 39 CVEs	20 Jan 202612:06	–	cloudlinux
CNNVD	Linux kernel 安全漏洞	19 Sep 202500:00	–	cnnvd
CVE	CVE-2025-39863	19 Sep 202515:26	–	cve
Debian	[SECURITY] [DLA 4561-1] linux-6.1 security update	2 May 202608:40	–	debian
Debian	[SECURITY] [DSA 6008-1] linux security update	22 Sep 202521:10	–	debian
Debian	[SECURITY] [DSA 6243-1] linux security update	1 May 202619:10	–	debian
Debian CVE	CVE-2025-39863	19 Sep 202515:26	–	debiancve

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/wireless/broadcom/brcm80211/brcmfmac/btcoex.c"
    ],
    "versions": [
      {
        "version": "61730d4dfffc2cc9d3a49fad87633008105c18ba",
        "lessThan": "ae58f70bde0433f27ef4b388ab50634736607bf6",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "61730d4dfffc2cc9d3a49fad87633008105c18ba",
        "lessThan": "f1150153c4e5940fe49ab51136343c5b4fe49d63",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "61730d4dfffc2cc9d3a49fad87633008105c18ba",
        "lessThan": "3e789f8475f6c857c88de5c5bf4b24b11a477dd7",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "61730d4dfffc2cc9d3a49fad87633008105c18ba",
        "lessThan": "2f6fbc8e04ca1d1d5c560be694199f847229c625",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "61730d4dfffc2cc9d3a49fad87633008105c18ba",
        "lessThan": "9cb83d4be0b9b697eae93d321e0da999f9cdfcfc",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/wireless/broadcom/brcm80211/brcmfmac/btcoex.c"
    ],
    "versions": [
      {
        "version": "3.10",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "3.10",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.1.167",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.6.105",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.12.46",
        "lessThanOrEqual": "6.12.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.16.6",
        "lessThanOrEqual": "6.16.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.17",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/3e789f8475f6c857c88de5c5bf4b24b11a477dd7
git	www.git.kernel.org/stable/c/ae58f70bde0433f27ef4b388ab50634736607bf6
git	www.git.kernel.org/stable/c/f1150153c4e5940fe49ab51136343c5b4fe49d63
git	www.git.kernel.org/stable/c/2f6fbc8e04ca1d1d5c560be694199f847229c625
git	www.git.kernel.org/stable/c/9cb83d4be0b9b697eae93d321e0da999f9cdfcfc

11 May 2026 21:37Current

EPSS0.00147