CVE-2025-39856
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-12-11
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.15 (inc) to 6.16.6 (exc) |
| linux | linux_kernel | 6.17 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a null pointer dereference in the Linux kernel's ethernet driver for TI SoCs with the CPSW2G instance. Specifically, during the TX completion packet stage, the network device (ndev) is accessed without being initialized if no TX packets have been processed, which causes the kernel to crash. The issue is fixed by adding a check on the number of TX packets processed before accessing ndev.
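The flow described in the answer above, modelled in user-space C as an added example; it is not the kernel driver's code or the upstream patch. All struct and function names are hypothetical, and the NULL dereference is modelled as a -1 return instead of a crash.

```c
#include <stddef.h>

/* Hypothetical stand-ins for the driver's structures; not kernel code. */
struct net_dev { unsigned long tx_wakeups; };
struct tx_desc { struct net_dev *ndev; };
struct tx_ring { struct tx_desc *done; int count; }; /* completed descriptors */

/* Completion loop: ndev is only assigned when a packet is actually reaped. */
static int reap(const struct tx_ring *ring, int budget, struct net_dev **ndev)
{
    int num_tx = 0;
    while (num_tx < budget && num_tx < ring->count)
        *ndev = ring->done[num_tx++].ndev;
    return num_tx;
}

/* Post-loop use of ndev. Returns -1 where the kernel would dereference NULL. */
static int wake_queue(struct net_dev *ndev)
{
    if (!ndev)
        return -1;
    ndev->tx_wakeups++;
    return 0;
}

/* Pre-fix flow: ndev is used even when the loop processed nothing. */
int tx_complete_unchecked(const struct tx_ring *ring, int budget)
{
    struct net_dev *ndev = NULL;
    int num_tx = reap(ring, budget, &ndev);
    return wake_queue(ndev) < 0 ? -1 : num_tx;
}

/* Fixed flow: check the processed-packet count before touching ndev. */
int tx_complete_checked(const struct tx_ring *ring, int budget)
{
    struct net_dev *ndev = NULL;
    int num_tx = reap(ring, budget, &ndev);
    if (num_tx == 0)
        return 0;
    wake_queue(ndev);
    return num_tx;
}

int main(void)
{
    struct tx_ring empty = { NULL, 0 };   /* constructed: no completions */
    return (tx_complete_unchecked(&empty, 64) == -1 &&
            tx_complete_checked(&empty, 64) == 0) ? 0 : 1;
}
```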
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to crash due to a null pointer dereference, leading to a denial of service on affected systems using the TI SoCs with CPSW2G ethernet instances. This can disrupt network connectivity and system availability.