Memory Management Vulnerability in Linux Kernel Affecting Metadata Access
CVE-2025-39902
What is CVE-2025-39902?
A vulnerability has been identified in the memory management component of the Linux kernel, specifically within the mm/slub subsystem. The issue arises when object_err(), a function meant for debugging, is passed an invalid pointer and accesses object metadata through it. If the pointer does not point to a valid object, this access can lead to unexpected crashes. A known trigger for the crash occurs during calls to alloc_consistency_checks(), where a corrupted freelist leads to an invalid pointer being reported through object_err(). The resolution checks pointer validity before any metadata is accessed, so that only valid pointers are used to reach metadata. If a pointer is NULL or deemed invalid, only the pointer value is logged and the potentially corrupted metadata is not accessed, which improves overall system stability.
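The pattern described above, as an added example that is not the kernel's code: a user-space C model in which the error reporter validates the pointer against the slab's bounds and slot alignment before reading any metadata. The names slab_model, ptr_is_valid_object and report_object_err, and the sample slab layout, are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model of a slab (hypothetical, not the kernel's struct). */
struct slab_model {
    unsigned char *base;   /* address of the first object slot */
    size_t obj_size;       /* size of one slot, metadata included */
    size_t nr_objs;        /* number of slots in the slab */
};

/* A pointer is valid only if non-NULL, inside the slab, and on a slot boundary. */
static int ptr_is_valid_object(const struct slab_model *s, const void *p)
{
    uintptr_t a = (uintptr_t)p, b = (uintptr_t)s->base;

    if (!p || a < b || a >= b + s->obj_size * s->nr_objs)
        return 0;
    return (a - b) % s->obj_size == 0;
}

/* Returns 1 if metadata was dumped, 0 if only the pointer value was logged. */
static int report_object_err(const struct slab_model *s, const void *p, const char *reason)
{
    fprintf(stderr, "slab error: %s, object=%p\n", reason, p);
    if (!ptr_is_valid_object(s, p)) {
        fprintf(stderr, "  invalid object pointer, metadata not read\n");
        return 0;
    }
    /* p is a real slot, so the last byte of the slot is in bounds. */
    fprintf(stderr, "  last slot byte: 0x%02x\n", ((const unsigned char *)p)[s->obj_size - 1]);
    return 1;
}

int main(void)
{
    static unsigned char backing[4 * 32];   /* constructed sample slab: 4 slots of 32 bytes */
    struct slab_model s = { backing, 32, 4 };

    report_object_err(&s, backing + 64, "valid slot");               /* metadata dumped */
    report_object_err(&s, NULL, "NULL from freelist");               /* pointer only */
    report_object_err(&s, backing + 7, "misaligned pointer");        /* pointer only */
    report_object_err(&s, backing + sizeof(backing), "past slab");   /* pointer only */
    return 0;
}
```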
Affected Version(s)
Linux 81819f0fc8285a2a5a921c019e3e3d7b6169d225 < 872f2c34ff232af1e65ad2df86d61163c8ffad42
Linux 81819f0fc8285a2a5a921c019e3e3d7b6169d225
Linux 81819f0fc8285a2a5a921c019e3e3d7b6169d225 < 7e287256904ee796c9477e3ec92b07f236481ef3