CVE-2025-39678
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-05

Last updated on: 2025-11-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL If metric table address is not allocated, accessing metrics_bin will result in a NULL pointer dereference, so add a check.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-05
Last Modified
2025-11-25
Generated
2026-06-16
AI Q&A
2025-09-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-39678
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.17
linux linux_kernel 6.17
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel involves the platform/x86/amd/hsmp component where the code did not ensure that the sock->metric_tbl_addr pointer was non-NULL before accessing it. If the metric table address was not allocated, accessing metrics_bin would cause a NULL pointer dereference, potentially leading to a kernel crash or instability. The fix adds a check to ensure the pointer is valid before use.

Impact Analysis

If exploited or triggered, this vulnerability can cause a NULL pointer dereference in the Linux kernel, which may lead to a system crash or denial of service due to kernel instability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39678. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart