CVE-2025-39934
BaseFortify
Publication date: 2025-10-04
Last updated on: 2026-01-23
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.11 (inc) to 5.15.194 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.154 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.108 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.49 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.16.9 (exc) |
| linux | linux_kernel | 6.17 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's DRM bridge component for anx7625. If an interrupt happens before the necessary resources are fully initialized, the interrupt handler or worker may try to access uninitialized data, such as the I2C tcpc_client device. This can lead to a NULL pointer dereference, which may cause the system to crash or behave unexpectedly.
How can this vulnerability impact me?
The vulnerability can cause the system to crash or become unstable due to a NULL pointer dereference triggered by an interrupt occurring too early. This may lead to denial of service or unexpected behavior in systems using the affected Linux kernel component.