The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls Both the ACE and CSI driver     are missing a mei_cldev_disable() call in their remove() function. This causes the mei_cl client to stay     part of the mei_device->file_list list even though its memory is freed by mei_cl_bus_dev_release() calling     kfree(cldev->cl). This leads to a use-after-free when mei_vsc_remove() runs mei_stop() which first removes     all mei bus devices calling mei_ace_remove() and mei_csi_remove() followed by mei_cl_bus_dev_release() and     then calls mei_cl_all_disconnect() which walks over mei_device->file_list dereferecing the just freed     cldev->cl. And mei_vsc_remove() it self is run at shutdown because of the     platform_device_unregister(tp->pdev) in vsc_tp_shutdown() When building a kernel with KASAN this leads to     the following KASAN report: [ 106.634504]     ================================================================== [ 106.634623] BUG: KASAN: slab-use-     after-free in mei_cl_set_disconnected (drivers/misc/mei/client.c:783) mei [ 106.634683] Read of size 4 at     addr ffff88819cb62018 by task systemd-shutdow/1 [ 106.634729] [ 106.634767] Tainted: [E]=UNSIGNED_MODULE [     106.634770] Hardware name: Dell Inc. XPS 16 9640/09CK4V, BIOS 1.12.0 02/10/2025 [ 106.634773] Call Trace:
    [ 106.634777] <TASK> ... [ 106.634871] kasan_report (mm/kasan/report.c:221 mm/kasan/report.c:636) [     106.634901] mei_cl_set_disconnected (drivers/misc/mei/client.c:783) mei [ 106.634921]     mei_cl_all_disconnect (drivers/misc/mei/client.c:2165 (discriminator 4)) mei [ 106.634941] mei_reset     (drivers/misc/mei/init.c:163) mei ... [ 106.635042] mei_stop (drivers/misc/mei/init.c:348) mei [     106.635062] mei_vsc_remove (drivers/misc/mei/mei_dev.h:784 drivers/misc/mei/platform-vsc.c:393) mei_vsc [     106.635066] platform_remove (drivers/base/platform.c:1424) Add the missing mei_cldev_disable() calls so     that the mei_cl gets removed from mei_device->file_list before it is freed to fix this. (CVE-2025-39711)

Note that Nessus relies on the presence of the package as reported by the vendor.

Detections

Analytics

Linux Distros Unpatched Vulnerability : CVE-2025-39711

high Nessus Plugin ID 261605

Version 1.6