CVE-2025-39790: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-39790 is a vulnerability discovered in the Linux kernel's MHI (Modem Host Interface) host component, specifically related to the handling of event pointers and TREs (Transfer Ring Elements). The vulnerability was disclosed on September 11, 2025, affecting various versions of Red Hat Enterprise Linux including versions 8, 9, and 10 (Red Hat XML).

The vulnerability occurs when a remote device sends a completion event to the host containing a pointer to the consumed TRE. While this mechanism works for chained transactions, it can lead to issues if the device sends an event for a single-element transaction with a read pointer multiple elements ahead of the host's read pointer. The vulnerability has been assigned a CVSS v3.1 base score of 7.0 with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a high severity local attack vector with high complexity (Red Hat XML).

If exploited, the vulnerability can result in a double-free condition when the host uses the channel's xfer_cb() to directly free the buffer pointed to by the TRE. This occurs specifically when the host accesses an event ring while the device is updating it, causing the pointer inside the event to point to an old TRE (NVD).

The vulnerability has been resolved through a patch that hardens the host by ensuring transactions where the event points to a TRE that isn't local_rp + 1 are treated as chained. This fix prevents the processing of unexpected TREs that could lead to double-free conditions (NVD).