CVE-2025-39678

Severity: Medium · CVSS 3.1 Base Score: 5.5 · EPSS: 4.1%
Published: Sep 5, 2025
Last Modified: Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL

If metric table address is not allocated, accessing metrics_bin will result in a NULL pointer dereference, so add a check.

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 4.1% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-476: NULL Pointer Dereference (Memory Safety)

Affected Products 4

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥6.7 – <6.12.56
linux    linux_kernel   *         ≥6.13 – <6.16.4
linux    linux_kernel   6.17      any
linux    linux_kernel   6.17      any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/2c78fb287e1f430b929f2e49786518350d15605c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/782977c0d8ba432b6fd3d5d0d87016a523ec1c69
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d47782d5c0cb87b9826041f34505580204ccf703
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2c78fb287e1f430b929f2e49786518350d15605c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/782977c0d8ba432b6fd3d5d0d87016a523ec1c69
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d47782d5c0cb87b9826041f34505580204ccf703
    Patch