CVE-2025-39863: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-39863 is a vulnerability discovered in the Linux kernel's brcmfmac WiFi driver, specifically related to a use-after-free condition when rescheduling brcmfbtcoexinfo work. The vulnerability was disclosed on September 19, 2025, affecting various versions of Red Hat Enterprise Linux (RHEL) systems from version 7 through 10 (NVD, Red Hat).

The vulnerability stems from a race condition in the brcmfbtcoexdetach() function, which only shuts down the btcoex timer if the timeron flag is false. The issue arises because brcmfbtcoextimerfunc(), running as a timer handler, sets timeron to false, creating critical race conditions. This can lead to two scenarios: either the brcmfbtcoexinfo is deallocated before the worker is scheduled, or it's freed after scheduling but before or during execution. The vulnerability has been assigned a CVSS v3.1 base score of 7.0, indicating moderate severity (Red Hat).

The vulnerability can result in use-after-free bugs in the Linux kernel's WiFi subsystem, specifically affecting the brcmfmac driver. These bugs can occur in two distinct scenarios depending on the timing of memory deallocation and worker thread execution, potentially leading to system instability or crashes (NVD).

The recommended fix involves dropping the conditional check and calling timershutdownsync() directly, which can deactivate the timer reliably regardless of its current state. After stopping the timer, the timer_on state is set to false. This solution has been implemented in the Linux kernel to address the race conditions (NVD).