Linux Kernel Vulnerability in Ethernet Driver Affecting Multiple Versions
CVE-2025-39858

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 19 September 2025

What is CVE-2025-39858?

A vulnerability in the Linux kernel's Ethernet driver could lead to invalid pointer dereferences due to an erroneous NULL check. Specifically, this issue arises in the mlx4_en_create_rx_ring function after calling page_pool_create(), which can return error pointers (ERR_PTR). Failing to replace the NULL check with an IS_ERR() verification may result in system instability and unpredicted behavior.

Affected Version(s)

Linux 8533b14b3d65ee666ba31254787c1bdaee56d95a < 7b77d8841a98a9f45c8a615222c698df8dec581c

Linux 8533b14b3d65ee666ba31254787c1bdaee56d95a

Linux 6.15

References

https://git.kernel.org/stable/c/7b77d8841a98a9f45c8a61522...

https://git.kernel.org/stable/c/e580beaf43d563aaf457f1c7f...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2025
Vulnerability Reserved
Apr 16, 2025