Null Pointer Dereference in Linux Kernel Affecting RISC-V IOMMU
CVE-2025-39699

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 5 September 2025

What is CVE-2025-39699?

The Linux kernel contains a vulnerability in the RISC-V IOMMU subsystem where the function riscv_iommu_iova_to_phys() does not correctly handle NULL returns from riscv_iommu_pte_fetch(). This oversight can lead to a NULL pointer dereference, potentially destabilizing the system or causing unexpected behavior. The vulnerability has been addressed by implementing checks to prevent the NULL deref and by refining the validation process for the page table entries (PTE).

Affected Version(s)

Linux 488ffbf181718b9ad8c1838cb249d60973e78eda < 220c491490255b656672bb572b18460cd9155926

Linux 488ffbf181718b9ad8c1838cb249d60973e78eda < 99d4d1a070870aa08163af8ce0522992b7f35d8c

Linux 6.13

References

https://git.kernel.org/stable/c/220c491490255b656672bb572...

https://git.kernel.org/stable/c/99d4d1a070870aa08163af8ce...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2025
Vulnerability Reserved
Apr 16, 2025