CVE-2025-39920

Severity: Medium (CVSS 3.1 base score 5.5) · EPSS 4.8%
Published Oct 1, 2025
Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

pcmcia: Add error handling for add_interval() in do_validate_mem()

In do_validate_mem(), the call to add_interval() does not handle errors. If kmalloc() fails in add_interval(), it could result in a null pointer being inserted into the linked list, leading to illegal memory access when sub_interval() is called next.

This patch adds error handling for add_interval(). If add_interval() returns an error, the function will return early with the error code.
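The error-handling pattern described above, as an added example that is neither the kernel source nor the patch itself: a user-space C model in which `fail_next_alloc`, `has_interval()`, `move_interval()` and the simplified list handling are assumptions made for illustration. It contrasts a caller that drops the result of `add_interval()` with one that returns early with the error code before `sub_interval()` runs.

```c
#include <errno.h>
#include <stdlib.h>

/* User-space model constructed for this example; not the kernel source. */
struct interval { unsigned long base, num; struct interval *next; };
static int fail_next_alloc;   /* hook standing in for a kmalloc() failure */

/* Add [base, base+num) to a circular list; -ENOMEM if allocation fails. */
int add_interval(struct interval *head, unsigned long base, unsigned long num)
{
    struct interval *q = fail_next_alloc ? NULL : malloc(sizeof(*q));
    fail_next_alloc = 0;
    if (!q)
        return -ENOMEM;
    q->base = base; q->num = num;
    q->next = head->next; head->next = q;
    return 0;
}

/* Remove the entry exactly matching [base, base+num), if present. */
void sub_interval(struct interval *head, unsigned long base, unsigned long num)
{
    for (struct interval *p = head; p->next != head; p = p->next) {
        struct interval *q = p->next;
        if (q->base == base && q->num == num) {
            p->next = q->next;
            free(q);
            return;
        }
    }
}

int has_interval(const struct interval *head, unsigned long base)
{
    for (const struct interval *p = head->next; p != head; p = p->next)
        if (p->base == base)
            return 1;
    return 0;
}

/* check=0 models the pre-fix caller (result dropped); check=1 the fix. */
int move_interval(struct interval *from, struct interval *to,
                  unsigned long base, unsigned long num, int check)
{
    int ret = add_interval(to, base, num);
    if (check && ret)
        return ret;                 /* return early with the error code */
    sub_interval(from, base, num);  /* only safe once the add succeeded */
    return 0;
}
```

In this model the unchecked caller reports success while the range ends up in neither list; the checked caller surfaces `-ENOMEM` and leaves the source list untouched.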

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 12

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥2.6.34 – <5.4.299
linux    linux_kernel   *         ≥5.5 – <5.10.243
linux    linux_kernel   *         ≥5.11 – <5.15.192
linux    linux_kernel   *         ≥5.16 – <6.1.151
linux    linux_kernel   *         ≥6.2 – <6.6.105
linux    linux_kernel   *         ≥6.7 – <6.12.46
linux    linux_kernel   *         ≥6.13 – <6.16.6
linux    linux_kernel   6.17      any
linux    linux_kernel   6.17      any
linux    linux_kernel   6.17      any
linux    linux_kernel   6.17      any
debian   debian_linux   11.0      any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/06b26e3099207c94b3d1be8565aedc6edc4f0a60
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/289b58f8ff3198d091074a751d6b8f6827726f3e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/369bf6e241506583f4ee7593c53b92e5a9f271b4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4a81f78caa53e0633cf311ca1526377d9bff7479
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5b60ed401b47897352c520bc724c85aa908dedcc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/85be7ef8c8e792a414940a38d94565dd48d2f236
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8699358b6ac99b8ccc97ed9e6e3669ef8958ef7b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ae184024ef31423e5beb44cf4f52999bbcf2fe5b
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Mailing List, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Mailing List, Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/06b26e3099207c94b3d1be8565aedc6edc4f0a60
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/289b58f8ff3198d091074a751d6b8f6827726f3e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/369bf6e241506583f4ee7593c53b92e5a9f271b4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4a81f78caa53e0633cf311ca1526377d9bff7479
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5b60ed401b47897352c520bc724c85aa908dedcc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/85be7ef8c8e792a414940a38d94565dd48d2f236
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8699358b6ac99b8ccc97ed9e6e3669ef8958ef7b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ae184024ef31423e5beb44cf4f52999bbcf2fe5b
    Patch