{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-39833","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T07:20:57.140Z","datePublished":"2025-09-16T13:08:50.192Z","dateUpdated":"2026-05-11T21:37:19.116Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:37:19.116Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: hfcpci: Fix warning when deleting uninitialized timer\n\nWith CONFIG_DEBUG_OBJECTS_TIMERS unloading hfcpci module leads\nto the following splat:\n\n[  250.215892] ODEBUG: assert_init not available (active state 0) object: ffffffffc01a3dc0 object type: timer_list hint: 0x0\n[  250.217520] WARNING: CPU: 0 PID: 233 at lib/debugobjects.c:612 debug_print_object+0x1b6/0x2c0\n[  250.218775] Modules linked in: hfcpci(-) mISDN_core\n[  250.219537] CPU: 0 UID: 0 PID: 233 Comm: rmmod Not tainted 6.17.0-rc2-g6f713187ac98 #2 PREEMPT(voluntary)\n[  250.220940] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[  250.222377] RIP: 0010:debug_print_object+0x1b6/0x2c0\n[  250.223131] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 41 56 48 8b 14 dd a0 4e 01 9f 48 89 ee 48 c7 c7 20 46 01 9f e8 cb 84d\n[  250.225805] RSP: 0018:ffff888015ea7c08 EFLAGS: 00010286\n[  250.226608] RAX: 0000000000000000 RBX: 0000000000000005 RCX: ffffffff9be93a95\n[  250.227708] RDX: 1ffff1100d945138 RSI: 0000000000000008 RDI: ffff88806ca289c0\n[  250.228993] RBP: ffffffff9f014a00 R08: 0000000000000001 R09: ffffed1002bd4f39\n[  250.230043] R10: ffff888015ea79cf R11: 0000000000000001 R12: 0000000000000001\n[  250.231185] R13: ffffffff9eea0520 R14: 0000000000000000 R15: ffff888015ea7cc8\n[  250.232454] FS:  00007f3208f01540(0000) GS:ffff8880caf5a000(0000) knlGS:0000000000000000\n[  250.233851] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  250.234856] CR2: 00007f32090a7421 CR3: 0000000004d63000 CR4: 00000000000006f0\n[  250.236117] Call Trace:\n[  250.236599]  <TASK>\n[  250.236967]  ? trace_irq_enable.constprop.0+0xd4/0x130\n[  250.237920]  debug_object_assert_init+0x1f6/0x310\n[  250.238762]  ? __pfx_debug_object_assert_init+0x10/0x10\n[  250.239658]  ? __lock_acquire+0xdea/0x1c70\n[  250.240369]  __try_to_del_timer_sync+0x69/0x140\n[  250.241172]  ? __pfx___try_to_del_timer_sync+0x10/0x10\n[  250.242058]  ? __timer_delete_sync+0xc6/0x120\n[  250.242842]  ? lock_acquire+0x30/0x80\n[  250.243474]  ? __timer_delete_sync+0xc6/0x120\n[  250.244262]  __timer_delete_sync+0x98/0x120\n[  250.245015]  HFC_cleanup+0x10/0x20 [hfcpci]\n[  250.245704]  __do_sys_delete_module+0x348/0x510\n[  250.246461]  ? __pfx___do_sys_delete_module+0x10/0x10\n[  250.247338]  do_syscall_64+0xc1/0x360\n[  250.247924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFix this by initializing hfc_tl timer with DEFINE_TIMER macro.\nAlso, use mod_timer instead of manual timeout update."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/isdn/hardware/mISDN/hfcpci.c"],"versions":[{"version":"87c5fa1bb42624254a2013cbbc3b170d6017f5d6","lessThan":"43fc5da8133badf17f5df250ba03b9d882254845","status":"affected","versionType":"git"},{"version":"87c5fa1bb42624254a2013cbbc3b170d6017f5d6","lessThan":"97766512a9951b9fd6fc97f1b93211642bb0b220","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/isdn/hardware/mISDN/hfcpci.c"],"versions":[{"version":"2.6.29","status":"affected"},{"version":"0","lessThan":"2.6.29","status":"unaffected","versionType":"semver"},{"version":"6.16.5","lessThanOrEqual":"6.16.*","status":"unaffected","versionType":"semver"},{"version":"6.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.29","versionEndExcluding":"6.16.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.29","versionEndExcluding":"6.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/43fc5da8133badf17f5df250ba03b9d882254845"},{"url":"https://git.kernel.org/stable/c/97766512a9951b9fd6fc97f1b93211642bb0b220"}],"title":"mISDN: hfcpci: Fix warning when deleting uninitialized timer","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2025-39833","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2026-01-14T18:18:25.755383Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-908","description":"CWE-908 Use of Uninitialized Resource"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T18:22:57.060Z"}}]}}