NULL Pointer Dereference in igb Driver Affecting Linux Kernel
CVE-2025-39875

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 23 September 2025

What is CVE-2025-39875?

The igb driver in the Linux kernel has a vulnerability that leads to a NULL pointer dereference during the execution of the ethtool loopback test. This issue arises from the absence of an associated q_vector for the test ring as interrupts are not typically assigned to these test rings. The vulnerability was introduced following changes to the napi_id assignment in the function __xdp_rxq_info_reg(). To address this, the final parameter should be simplified to 0, ensuring correct functionality during the testing process.

Affected Version(s)

Linux 2c6196013f84651772388a86dfd4bb033d0c0d45 < 473be7d39efd3be383e9c0c8e44b53508b4ffeb5

Linux 2c6196013f84651772388a86dfd4bb033d0c0d45 < 75871a525a596ff4d16c4aebc0018f8d0923c9b1

Linux 6.14

References

https://git.kernel.org/stable/c/473be7d39efd3be383e9c0c8e...

https://git.kernel.org/stable/c/75871a525a596ff4d16c4aebc...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2025
Vulnerability Reserved
Apr 16, 2025

JSON