CVE-2025-39853

Severity: High · CVSS 3.1: 7.1 · EPSS: 4.8%
Published Sep 19, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

i40e: Fix potential invalid access when MAC list is empty

list_first_entry() never returns NULL - if the list is empty, it still returns a pointer to an invalid object, leading to potential invalid memory access when dereferenced.

Fix this by using list_first_entry_or_null instead of list_first_entry.
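The difference between the two helpers on an empty list, as an added userspace example (not the i40e driver code or the kernel patch). The list macros are simplified re-implementations, and `mac_filter`, `vsi_model` and the function names are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>
/* Simplified userspace model of the kernel's circular list helpers. */
struct list_head { struct list_head *next, *prev; };
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))
#define list_first_entry(head, type, member) \
    container_of((head)->next, type, member)
#define list_first_entry_or_null(head, type, member) \
    ((head)->next != (head) ? list_first_entry(head, type, member) : NULL)

static inline void list_init(struct list_head *h) { h->next = h->prev = h; }
static inline void list_add(struct list_head *n, struct list_head *h)
{
    n->next = h->next; n->prev = h;
    h->next->prev = n; h->next = n;
}

/* Hypothetical stand-ins, not the i40e driver's real structures. */
struct mac_filter { unsigned char addr[6]; struct list_head node; };
struct vsi_model { unsigned long other_state[2]; struct list_head mac_list; };

/* Unchecked pattern: never NULL, so a later NULL test cannot catch "empty". */
static struct mac_filter *first_mac_unchecked(struct vsi_model *v)
{
    return list_first_entry(&v->mac_list, struct mac_filter, node);
}

/* Fixed pattern: NULL on an empty list, which the caller can test. */
static struct mac_filter *first_mac_or_null(struct vsi_model *v)
{
    return list_first_entry_or_null(&v->mac_list, struct mac_filter, node);
}

/* True when e is only the list head reinterpreted as a mac_filter. */
static int aliases_list_head(struct vsi_model *v, struct mac_filter *e)
{
    return (char *)e + offsetof(struct mac_filter, node) == (char *)&v->mac_list;
}

int main(void)
{
    struct vsi_model v;
    list_init(&v.mac_list);   /* empty list: head points at itself */
    printf("unchecked=%p aliases_head=%d or_null=%p\n",
           (void *)first_mac_unchecked(&v),
           aliases_list_head(&v, first_mac_unchecked(&v)),
           (void *)first_mac_or_null(&v));
    return 0;
}
```

On the empty list the unchecked pointer is non-NULL and lands inside the owning structure, so reading its fields would return unrelated neighbouring memory, which matches the CWE-125 classification.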

CVSS Details

Base Score: 7.1
Exploitability: 1.8
Impact: 5.2
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability
4.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 12

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥4.6 – <5.4.299
linux    linux_kernel   *         ≥5.5 – <5.10.243
linux    linux_kernel   *         ≥5.11 – <5.15.192
linux    linux_kernel   *         ≥5.16 – <6.1.151
linux    linux_kernel   *         ≥6.2 – <6.6.105
linux    linux_kernel   *         ≥6.7 – <6.12.46
linux    linux_kernel   *         ≥6.13 – <6.16.6
linux    linux_kernel   6.17      any
linux    linux_kernel   6.17      any
linux    linux_kernel   6.17      any
linux    linux_kernel   6.17      any
debian   debian_linux   11.0      any

References 12

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-032379.html
  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-089022.html
  • git.kernel.org https://git.kernel.org/stable/c/1eadabcf5623f1237a539b16586b4ed8ac8dffcd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3c6fb929afa313d9d11f780451d113f73922fe5d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/66e7cdbda74ee823ec2bf7b830ebd235c54f5ddf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/971feafe157afac443027acdc235badc6838560b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9c21fc4cebd44dd21016c61261a683af390343f8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a556f06338e1d5a85af0e32ecb46e365547f92b9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e2a5e74879f9b494bbd66fa93f355feacde450c7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fb216d980fae6561c7c70af8ef826faf059c6515
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Mailing List, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Mailing List, Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1eadabcf5623f1237a539b16586b4ed8ac8dffcd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3c6fb929afa313d9d11f780451d113f73922fe5d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/66e7cdbda74ee823ec2bf7b830ebd235c54f5ddf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/971feafe157afac443027acdc235badc6838560b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9c21fc4cebd44dd21016c61261a683af390343f8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a556f06338e1d5a85af0e32ecb46e365547f92b9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e2a5e74879f9b494bbd66fa93f355feacde450c7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fb216d980fae6561c7c70af8ef826faf059c6515
    Patch