CVE-2025-39920
BaseFortify
Publication date: 2025-10-01
Last updated on: 2025-11-03
Assigner: kernel.org
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.1.153-1 |
| linux | linux_kernel | 5.10.244-1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's PCMCIA resource management code (drivers/pcmcia/rsrc_nonstatic.c), specifically in do_validate_mem(). That function called add_interval() without checking its return value. add_interval() allocates a new list node with kmalloc() and returns -ENOMEM when that allocation fails; because the caller ignored the error, it carried on as if the interval had been recorded, which, per the upstream fix description, could leave a null pointer in the linked list and cause an illegal memory access when sub_interval() was called next. The patch adds error handling so that do_validate_mem() returns early when add_interval() fails and never reaches sub_interval() in that case.
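As an added illustration (editor-written model code, not the kernel's source), the block below reproduces the control-flow defect in a self-contained C program: a sentinel-headed circular interval list like the kernel's resource_map, an add_interval() that returns -ENOMEM when its allocation fails, and two callers shaped like do_validate_mem() before and after the fix. The assumptions are that kmalloc() failure is simulated by a flag, that the validate callback is a constructed stub which always succeeds, and that sub_interval() is simplified to release only nodes lying fully inside the subtracted range; the model shows the swallowed error, not the kernel crash.

```c
/* Added model (not the kernel's code) of the resource_map interval list kept by
 * drivers/pcmcia/rsrc_nonstatic.c: add_interval() can fail with -ENOMEM, and the
 * caller must not proceed as if the window were recorded.  Allocation failure is
 * simulated with a flag, which is an assumption of this model. */
#include <errno.h>
#include <stdlib.h>

struct resource_map {
	unsigned long base, num;
	struct resource_map *next;	/* circular list; the head is a sentinel */
};

static int simulate_alloc_failure;	/* stands in for kmalloc() returning NULL */

static struct resource_map *map_alloc(void)
{
	return simulate_alloc_failure ? NULL : calloc(1, sizeof(struct resource_map));
}

static void map_init(struct resource_map *map)
{
	map->base = map->num = 0;
	map->next = map;
}

/* Record [base, base+num): extend an overlapping or adjacent predecessor, else
 * allocate a new node.  Returns 0 or -ENOMEM, like the kernel helper. */
static int add_interval(struct resource_map *map, unsigned long base, unsigned long num)
{
	struct resource_map *p, *q;

	for (p = map; ; p = p->next) {
		if (p != map && p->base + p->num >= base) {
			if (base + num - p->base > p->num)
				p->num = base + num - p->base;
			return 0;
		}
		if (p->next == map || p->next->base > base + num - 1)
			break;
	}
	q = map_alloc();
	if (!q)
		return -ENOMEM;	/* the status the patched caller must honour */
	q->base = base;
	q->num = num;
	q->next = p->next;
	p->next = q;
	return 0;
}

/* Release nodes fully inside [base, base+num); the kernel helper also trims and
 * splits partially overlapping nodes, which this model leaves out. */
static int sub_interval(struct resource_map *map, unsigned long base, unsigned long num)
{
	struct resource_map *p = map, *q;

	while ((q = p->next) != map) {
		if (q->base >= base && q->base + q->num <= base + num) {
			p->next = q->next;
			free(q);
		} else {
			p = q;
		}
	}
	return 0;
}

/* Constructed stand-in for the socket's validate callback (always succeeds). */
typedef int (*validate_fn)(unsigned long base, unsigned long size);
static int accept_all(unsigned long b, unsigned long s) { (void)b; (void)s; return 1; }

/* Pre-fix shape: add_interval()'s status is discarded, so -ENOMEM is swallowed
 * and the caller continues to validation and sub_interval() regardless. */
static int do_validate_mem_unchecked(struct resource_map *valid, unsigned long base,
				     unsigned long size, validate_fn validate)
{
	add_interval(valid, base, size);
	return validate(base, size) ? 0 : sub_interval(valid, base, size);
}

/* Post-fix shape (what the CVE-2025-39920 patch does): check and return early. */
static int do_validate_mem_fixed(struct resource_map *valid, unsigned long base,
				 unsigned long size, validate_fn validate)
{
	int ret = add_interval(valid, base, size);
	if (ret)
		return ret;	/* stop here: nothing was recorded */
	return validate(base, size) ? 0 : sub_interval(valid, base, size);
}

/* Scenario: one window is recorded normally, then a second one is attempted,
 * optionally under simulated allocation failure; returns the caller's status. */
static int scenario(int use_fixed, int oom_on_second)
{
	struct resource_map db;
	int ret;

	map_init(&db);
	simulate_alloc_failure = 0;
	add_interval(&db, 0x1000, 0x1000);	/* first window recorded normally */
	simulate_alloc_failure = oom_on_second;
	ret = use_fixed ? do_validate_mem_fixed(&db, 0x10000, 0x1000, accept_all)
			: do_validate_mem_unchecked(&db, 0x10000, 0x1000, accept_all);
	simulate_alloc_failure = 0;
	sub_interval(&db, 0, ~0UL);	/* release whatever was recorded */
	return ret;
}
```

With allocation succeeding both callers return 0; under simulated failure the unchecked caller still returns 0, hiding the problem from its own caller, while the fixed caller returns -ENOMEM and stops before sub_interval() runs, which is exactly the behaviour change the patch introduces.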
How can this vulnerability impact me?
The failure mode is an illegal memory access inside the kernel, so the realistic consequence is a kernel oops or crash (denial of service) on a system running the affected PCMCIA resource code. It is only reachable when a kernel allocation fails inside add_interval(), and nothing on this page points to a controllable memory-corruption primitive, so treat it as a stability and availability issue rather than a known privilege-escalation vector. Hosts without PCMCIA/CardBus sockets, where this code never runs, are not exposed in practice.
What immediate steps should I take to mitigate this vulnerability?
Update to a kernel that includes the upstream fix adding error handling for add_interval() in do_validate_mem(); the patched function checks the return value and returns early on kmalloc() failure instead of continuing to sub_interval(). Confirm the fixed package version against your distribution's advisory for CVE-2025-39920 rather than relying on the version table above alone. If an update cannot be applied immediately, note that the affected code only runs on hosts with PCMCIA sockets; where PCMCIA support is built as modules, `lsmod` not listing pcmcia_rsrc or pcmcia is a practical sign that the affected code path is not active.