CVE-2025-39995: 
Linux Debian vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2025-39995) was discovered in the Linux kernel's media subsystem, specifically in the tc358743 driver. The vulnerability was identified on October 15, 2025, and affects the timer handling in the probe function (NVD).

The vulnerability occurs in the tc358743 driver's probe function where state->timer, a cyclic timer that schedules worki2cpoll and delayedworkenablehotplug, continues to rearm itself. The issue arises because timerdelete() does not guarantee the timer has stopped running when destroyed, and similarly canceldelayedwork() cannot ensure delayedworkenablehotplug has terminated if already executing. During probe failure after timer initialization, these may continue running as orphans and reference the already-freed tc358743state object through tc358743irqpoll_timer (NVD).

When exploited, this vulnerability can lead to a use-after-free condition in the Linux kernel, potentially causing system crashes or memory corruption. The issue was confirmed through KASAN (Kernel Address Sanitizer) which detected the slab-use-after-free occurrence in _runtimer_base.part.0 (NVD).

The recommended fix is to replace timerdelete() with timerdeletesync() and canceldelayedwork() with canceldelayedworksync() to ensure proper termination of timer and work items before resource cleanup (NVD).