Memory Access Vulnerability in Linux Kernel's i40e Module
CVE-2025-39853

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 19 September 2025

What is CVE-2025-39853?

A memory access vulnerability exists in the i40e module of the Linux kernel. When the MAC list is empty, invoking the function list_first_entry() returns a pointer to an invalid object instead of NULL. This can result in potential invalid memory access during dereferencing, which could compromise system integrity. The vulnerability has been addressed by replacing list_first_entry() with list_first_entry_or_null() to ensure that proper checks on the list state are enforced, preventing improper memory access.

Affected Version(s)

Linux e3219ce6a775468368fb270fae3eb82a6787b436 < 971feafe157afac443027acdc235badc6838560b

Linux e3219ce6a775468368fb270fae3eb82a6787b436 < 3c6fb929afa313d9d11f780451d113f73922fe5d

Linux e3219ce6a775468368fb270fae3eb82a6787b436 < 1eadabcf5623f1237a539b16586b4ed8ac8dffcd

References

https://git.kernel.org/stable/c/971feafe157afac443027acdc...

https://git.kernel.org/stable/c/3c6fb929afa313d9d11f78045...

https://git.kernel.org/stable/c/1eadabcf5623f1237a539b165...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2025
Vulnerability Reserved
Apr 16, 2025