CVE-2025-39853
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-11-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 5.10.244 |
| linux | linux_kernel | 6.1.153 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's i40e driver where the function list_first_entry() is used incorrectly. When the MAC list is empty, list_first_entry() does not return NULL but a pointer to an invalid object. Dereferencing this pointer can lead to invalid memory access. The issue is fixed by replacing list_first_entry() with list_first_entry_or_null(), which properly returns NULL if the list is empty, preventing invalid access.
How can this vulnerability impact me? :
The vulnerability can lead to invalid memory access in the Linux kernel's i40e driver, which may cause system instability, crashes, or potentially allow an attacker to exploit the kernel memory corruption. This could impact system reliability and security.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version where the i40e driver has been fixed to use list_first_entry_or_null instead of list_first_entry, as this resolves the potential invalid memory access issue.