CVE-2025-39846

MEDIUM EPSS 4.5%
Published Sep 19, 20259mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Sep 19, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() In __iodyn_find_io_region(), pcmcia_make_resource() is assigned to res and used in pci_bus_alloc_resource(). There is a dereference of res in pci_bus_alloc_resource(), which could lead to a NULL pointer dereference on failure of pcmcia_make_resource(). Fix this bug by adding a check of res.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 12

VendorProductVersionRange
linuxlinux_kernel*≥2.6.35  –  <5.4.299
linuxlinux_kernel*≥5.5  –  <5.10.243
linuxlinux_kernel*≥5.11  –  <5.15.192
linuxlinux_kernel*≥5.16  –  <6.1.151
linuxlinux_kernel*≥6.2  –  <6.6.105
linuxlinux_kernel*≥6.7  –  <6.12.46
linuxlinux_kernel*≥6.13  –  <6.16.6
linuxlinux_kernel6.17any
linuxlinux_kernel6.17any
linuxlinux_kernel6.17any
linuxlinux_kernel6.17any
debiandebian_linux11.0any

References 12

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-032379.html
  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-089022.html
  • git.kernel.org https://git.kernel.org/stable/c/2ee32c4c4f636e474cd8ab7c19a68cf36072ea93
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/44822df89e8f3386871d9cad563ece8e2fd8f0e7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4bd570f494124608a0696da070f00236a96fb610
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5ff2826c998370bf7f9ae26fe802140d220e3510
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b990c8c6ff50649ad3352507398e443b1e3527b2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ce3b7766276894d2fbb07e2047a171f9deb965de
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d7286005e8fde0a430dc180a9f46c088c7d74483
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fafa7450075f41d232bc785a4ebcbf16374f2076
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Mailing ListThird Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Mailing ListThird Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2ee32c4c4f636e474cd8ab7c19a68cf36072ea93
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/44822df89e8f3386871d9cad563ece8e2fd8f0e7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4bd570f494124608a0696da070f00236a96fb610
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5ff2826c998370bf7f9ae26fe802140d220e3510
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b990c8c6ff50649ad3352507398e443b1e3527b2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ce3b7766276894d2fbb07e2047a171f9deb965de
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d7286005e8fde0a430dc180a9f46c088c7d74483
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fafa7450075f41d232bc785a4ebcbf16374f2076
    Patch