Null Pointer Dereference in TI SoCs Ethernet Driver
CVE-2025-39856

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 19 September 2025

What is CVE-2025-39856?

A vulnerability was identified in the Linux kernel related to the ethernet driver for Texas Instruments System on Chips (SoCs) utilizing the CPSW2G instance. During the TX completion packet stage, if no TX packets were processed, the driver attempts to access an uninitialized ndev, leading to a null pointer dereference. This flaw can cause a kernel crash, potentially compromising system stability. The vulnerability has been addressed by implementing a check on the number of TX packets processed, ensuring that ndev is accessed only when appropriately initialized.

Affected Version(s)

Linux 9a369ae3d1431a83589dde57323a04692dd7fc12 < 485302905bada953aadfe063320d73c892a66cbb

Linux 9a369ae3d1431a83589dde57323a04692dd7fc12

Linux 6.15

References

https://git.kernel.org/stable/c/485302905bada953aadfe0633...

https://git.kernel.org/stable/c/a6099f263e1f408bcc7913c9d...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2025
Vulnerability Reserved
Apr 16, 2025