NULL Pointer Dereference in Linux Kernel's PCMCIA Subsystem
CVE-2025-39846
What is CVE-2025-39846?
A vulnerability in the Linux kernel's PCMCIA subsystem can lead to a NULL pointer dereference during resource allocation. The issue is in the __iodyn_find_io_region() function, which uses the result of pcmcia_make_resource() without checking it. If pcmcia_make_resource() fails, the NULL pointer is dereferenced during PCI bus resource allocation, which can lead to system instability. The fix adds a check that the resource is valid before it is used, making the kernel's resource management more robust.
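The unchecked-result pattern described above, as an added example that is not the kernel's source: a simplified userspace model in which every name (make_resource, bus_alloc_resource, find_io_region_unchecked, find_io_region_checked, fail_next_alloc) is a hypothetical stand-in, shown before and after the validity check.

```c
#include <stdlib.h>
/* Userspace model only: every name here is a hypothetical stand-in. */
struct resource { unsigned long start, end; };
static int fail_next_alloc; /* set to 1 to simulate an allocation failure */

/* Models a constructor that, like pcmcia_make_resource(), can fail. */
static struct resource *make_resource(unsigned long start, unsigned long num)
{
    struct resource *res;
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    res = calloc(1, sizeof(*res));
    if (res) { res->start = start; res->end = start + num - 1; }
    return res;
}

/* Models the bus allocator: it writes through res without checking it. */
static int bus_alloc_resource(struct resource *res, unsigned long num, unsigned long min)
{
    res->start = min;          /* NULL dereference if res == NULL */
    res->end = min + num - 1;
    return 0;
}

/* Before the fix: a failed make_resource() reaches the allocator. */
static struct resource *find_io_region_unchecked(unsigned long base, unsigned long num)
{
    struct resource *res = make_resource(0, num);
    bus_alloc_resource(res, num, base);
    return res;
}

/* After the fix: validate the resource before it is used. */
static struct resource *find_io_region_checked(unsigned long base, unsigned long num)
{
    struct resource *res = make_resource(0, num);
    if (!res)
        return NULL;           /* caller sees a clean failure instead of a crash */
    bus_alloc_resource(res, num, base);
    return res;
}

int main(void)
{
    struct resource *ok = find_io_region_unchecked(0x100, 8); /* fine while allocation succeeds */
    fail_next_alloc = 1;
    struct resource *r = find_io_region_checked(0x100, 8);    /* failure is handled */
    free(ok);
    return r == NULL ? 0 : 1;
}
```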
Affected Version(s)
Linux 49b1153adfe18a3cce7e70aa26c690f275917cd0
Linux 49b1153adfe18a3cce7e70aa26c690f275917cd0 < 5ff2826c998370bf7f9ae26fe802140d220e3510
Linux 49b1153adfe18a3cce7e70aa26c690f275917cd0 < 4bd570f494124608a0696da070f00236a96fb610