CVE-2025-39853
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-19

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix potential invalid access when MAC list is empty list_first_entry() never returns NULL - if the list is empty, it still returns a pointer to an invalid object, leading to potential invalid memory access when dereferenced. Fix this by using list_first_entry_or_null instead of list_first_entry.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-19
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-09-19
EPSS Evaluated
2026-06-15
NVD
CVE-2025-39853
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel 5.10.244
linux linux_kernel 6.1.153
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's i40e driver where the function list_first_entry() is used incorrectly. When the MAC list is empty, list_first_entry() does not return NULL but a pointer to an invalid object. Dereferencing this pointer can lead to invalid memory access. The issue is fixed by replacing list_first_entry() with list_first_entry_or_null(), which properly returns NULL if the list is empty, preventing invalid access.

Impact Analysis

The vulnerability can lead to invalid memory access in the Linux kernel's i40e driver, which may cause system instability, crashes, or potentially allow an attacker to exploit the kernel memory corruption. This could impact system reliability and security.

Mitigation Strategies

Update the Linux kernel to a version where the i40e driver has been fixed to use list_first_entry_or_null instead of list_first_entry, as this resolves the potential invalid memory access issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39853. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart