NULL Pointer Dereference Vulnerability in Linux Kernel User Space Graphics
CVE-2025-39807

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 16 September 2025

What is CVE-2025-39807?

The Linux kernel has a vulnerability in the handling of cursor updates after a hotplug event. Accessing old_state->crtc in this path can dereference a NULL pointer and cause a kernel panic. The fix adds error handling with the necessary NULL pointer checks, which maintains kernel stability and prevents the system from entering an unstable state following erroneous operations on an invalid CRTC state.

Affected Version(s)

Linux 40b5b4ba8ed87c0bfb6268c10589777652ebde4c < 7d5cc22efa44e0fe321ce195c71c3d7da211fbb2

Linux d208261e9f7c66960587b10473081dc1cecbe50b < 9a94e9d8b50bcfe89693bc899a54d3866d86e973

Linux d208261e9f7c66960587b10473081dc1cecbe50b < 0c6b24d70da21201ed009a2aca740d2dfddc7ab5

Timeline

  • Vulnerability published

  • Vulnerability Reserved
