Uninitialized Pointer Dereference in Linux Kernel Crypto Module by Linux Foundation
CVE-2025-39729

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 7 September 2025

What is CVE-2025-39729?

A vulnerability exists in the crypto module of the Linux kernel, specifically in the handling of an uninitialized pointer within the SEV platform initialization process. This issue can lead to potential exploitation, as the code incorrectly assumed that the 'error' variable could be null. This flaw has been identified and addressed in recent patches. It’s crucial for users of the affected kernel versions to apply the necessary updates to ensure system integrity and security.

Affected Version(s)

Linux 9770b428b1a28360663f1f5e524ee458b4cf454b < 841634e1fdc2bdf35ab851fc279fd3bedcdf5e93

Linux 9770b428b1a28360663f1f5e524ee458b4cf454b < 0fa766726c091ff0ec7d26874f6e4724d23ecb0e

Linux 6.16

References

https://git.kernel.org/stable/c/841634e1fdc2bdf35ab851fc2...

https://git.kernel.org/stable/c/0fa766726c091ff0ec7d26874...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 7, 2025
Vulnerability Reserved
Apr 16, 2025