CVE-2025-39920

Publication date: 2025-10-01

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

pcmcia: Add error handling for add_interval() in do_validate_mem()

In the do_validate_mem(), the call to add_interval() does not handle errors. If kmalloc() fails in add_interval(), it could result in a null pointer being inserted into the linked list, leading to illegal memory access when sub_interval() is called next.

This patch adds an error handling for the add_interval(). If add_interval() returns an error, the function will return early with the error code.

Meta Information

Published: 2025-10-01
Last Modified: 2025-11-03
Generated: 2026-06-16
AI Q&A: 2025-10-01
EPSS Evaluated: 2026-06-14

Affected Vendors & Products

| Vendor | Product | Version / Range |
|--------|---------|-----------------|
| linux | linux_kernel | 6.1.153-1 |
| linux | linux_kernel | 5.10.244-1 |

Executive Summary

This vulnerability occurs in the Linux kernel's pcmcia component, specifically in the do_validate_mem() function. The function calls add_interval() without handling errors. If add_interval() fails due to kmalloc() failure, a null pointer could be inserted into a linked list. This leads to illegal memory access when sub_interval() is called afterward. The patch fixes this by adding error handling to return early if add_interval() fails.

Impact Analysis

The vulnerability can cause illegal memory access in the Linux kernel, which may lead to system instability, crashes, or potential security issues such as denial of service or exploitation of kernel memory corruption.

Mitigation Strategies

Apply the patch that adds error handling for add_interval() in do_validate_mem() in the Linux kernel. This patch prevents null pointer insertion by handling kmalloc() failures properly. Updating the Linux kernel to a version that includes this fix is the recommended mitigation.
