CVE-2025-39873

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB<br /> <br /> can_put_echo_skb() takes ownership of the SKB and it may be freed<br /> during or after the call.<br /> <br /> However, xilinx_can xcan_write_frame() keeps using SKB after the call.<br /> <br /> Fix that by only calling can_put_echo_skb() after the code is done<br /> touching the SKB.<br /> <br /> The tx_lock is held for the entire xcan_write_frame() execution and<br /> also on the can_get_echo_skb() side so the order of operations does not<br /> matter.<br /> <br /> An earlier fix commit 3d3c817c3a40 ("can: xilinx_can: Fix usage of skb<br /> memory") did not move the can_put_echo_skb() call far enough.<br /> <br /> [mkl: add "commit" in front of sha1 in patch description]<br /> [mkl: fix indention]