CVE-2025-39902
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
01/10/2025
Last modified:
16/01/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
mm/slub: avoid accessing metadata when pointer is invalid in object_err()<br />
<br />
object_err() reports details of an object for further debugging, such as<br />
the freelist pointer, redzone, etc. However, if the pointer is invalid,<br />
attempting to access object metadata can lead to a crash since it does<br />
not point to a valid object.<br />
<br />
One known path to the crash is when alloc_consistency_checks()<br />
determines the pointer to the allocated object is invalid because of a<br />
freelist corruption, and calls object_err() to report it. The debug code<br />
should report and handle the corruption gracefully and not crash in the<br />
process.<br />
<br />
In case the pointer is NULL or check_valid_pointer() returns false for<br />
the pointer, only print the pointer value and skip accessing metadata.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.22 (including) | 5.4.299 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.243 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.192 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.151 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.105 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.46 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.16.6 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.17:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.17:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.17:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0ef7058b4dc6fcef622ac23b45225db57f17b83f
- https://git.kernel.org/stable/c/1f0797f17927b5cad0fb7eced422f9a7c30a3191
- https://git.kernel.org/stable/c/3baa1da473e6e50281324ff1d332d1a07a3bb02e
- https://git.kernel.org/stable/c/7e287256904ee796c9477e3ec92b07f236481ef3
- https://git.kernel.org/stable/c/872f2c34ff232af1e65ad2df86d61163c8ffad42
- https://git.kernel.org/stable/c/b4efccec8d06ceb10a7d34d7b1c449c569d53770
- https://git.kernel.org/stable/c/dda6ec365ab04067adae40ef17015db447e90736
- https://git.kernel.org/stable/c/f66012909e7bf383fcdc5850709ed5716073fdc4
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html