CVE-2025-39897
BaseFortify
Publication date: 2025-10-01
Last updated on: 2025-12-12
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.8 (inc) to 6.12.46 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.16.6 (exc) |
| linux | linux_kernel | 6.17 |
| linux | linux_kernel | 6.17 |
| linux | linux_kernel | 6.17 |
| linux | linux_kernel | 6.17 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's xilinx axienet driver involves missing error handling when retrieving RX metadata pointers using dmaengine_desc_get_metadata_ptr(). Without proper error checking, the function can return an error pointer that, if not handled correctly, may cause crashes or undefined behavior. The fix adds error handling to unmap the DMA buffer, free the skb, and return early to prevent processing invalid data.
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to system crashes or undefined behavior in the affected Linux kernel network driver, potentially causing denial of service or instability in systems using the xilinx axienet driver.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the axienet driver where proper error handling for dmaengine_desc_get_metadata_ptr() has been added. This prevents crashes or undefined behavior by handling error pointers correctly. Until the update is applied, avoid using affected hardware or drivers if possible.