CVE-2025-39993: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability was discovered in the Linux kernel's iMON driver (CVE-2025-39993). The issue was identified on October 15, 2025, affecting the media subsystem, specifically in the remote control (rc) component. The vulnerability stems from improper handling of USB device references in the imon_disconnect function (NVD).

The vulnerability occurs when the iMON driver improperly releases the usb_device reference in imon_disconnect without proper coordination with active device users. The fields usbdev_intf0 and usbdev_intf1 are not protected by the users counter (ictx->users). During probe operations, imon_init_intf0 or imon_init_intf1 increments the usb_device reference count depending on the interface. However, during disconnect operations, usb_put_dev is called unconditionally, regardless of actual usage. This can result in a use-after-free condition of the usb_device pointer if vfd_write or other operations are still in progress after disconnect (NVD).

The vulnerability can lead to use-after-free conditions in the kernel's USB subsystem, potentially causing system instability or crashes. The issue was discovered through KASAN (Kernel Address Sanitizer) reports, indicating memory corruption vulnerabilities that could affect system stability and security (NVD).

The fix involves guarding access to usbdev_intf0 and usbdev_intf1 after disconnect by checking ictx->disconnected in all writer paths. Early returns with -ENODEV have been added in send_packet(), vfd_write(), lcd_write() and display_open() if the device is no longer present. The fix also includes setting and reading ictx->disconnected under ictx->lock to ensure memory synchronization (NVD).