Memory Access Vulnerability in Linux Kernel Affecting PCMCIA Drivers
CVE-2025-39920
What is CVE-2025-39920?
This vulnerability arises in the Linux kernel's handling of memory during the validation of PCMCIA memory intervals. The function do_validate_mem() does not check for errors returned from add_interval(). If kmalloc() cannot allocate memory, a null pointer could be added to the linked list, leading to illegal memory access during subsequent calls to sub_interval(). Recent patches have introduced error handling so that any failure in add_interval() makes do_validate_mem() exit early with the appropriate error code.
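The unchecked call and the early-return fix described above, as an added example in a simplified user-space C model (not the kernel's code and not taken from the advisory). Only the names add_interval(), sub_interval() and do_validate_mem() come from the page; struct model, model_alloc(), fail_alloc and the list layout are assumptions made for illustration, and the model shows the control flow rather than the kernel's memory access.

```c
#include <errno.h>
#include <stdlib.h>
/* Simplified user-space model, not kernel code. */
struct interval { unsigned long base, num; struct interval *next; };
struct model { struct interval *db, *valid; };   /* unvalidated and validated sets */

static int fail_alloc;   /* hypothetical hook: simulate kmalloc() returning NULL */
static void *model_alloc(size_t n) { return fail_alloc ? NULL : malloc(n); }

/* Link a new interval at the head of the list, or report -ENOMEM. */
static int add_interval(struct interval **head, unsigned long base, unsigned long num)
{
    struct interval *q = model_alloc(sizeof(*q));
    if (!q)
        return -ENOMEM;
    q->base = base; q->num = num; q->next = *head;
    *head = q;
    return 0;
}

/* Unlink the entry matching base/num exactly (the model does no range splitting). */
static void sub_interval(struct interval **head, unsigned long base, unsigned long num)
{
    for (struct interval **pp = head; *pp; pp = &(*pp)->next)
        if ((*pp)->base == base && (*pp)->num == num) {
            struct interval *dead = *pp;
            *pp = dead->next;
            free(dead);
            return;
        }
}

/* Before the fix: the result of add_interval() is discarded. */
static int do_validate_mem_unchecked(struct model *s, unsigned long base, unsigned long num)
{
    add_interval(&s->valid, base, num);
    sub_interval(&s->db, base, num);
    return 0;   /* reports success even though nothing was added */
}

/* After the fix: a failed add_interval() ends the call with its error code. */
static int do_validate_mem_checked(struct model *s, unsigned long base, unsigned long num)
{
    int ret = add_interval(&s->valid, base, num);
    if (ret)
        return ret;
    sub_interval(&s->db, base, num);
    return 0;
}
```

With allocation forced to fail, the unchecked variant returns 0 after removing the interval from db, while the checked variant returns -ENOMEM and leaves both lists unchanged.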
Affected Version(s)
Linux 7b4884ca8853a638df0eb5d251d80d67777b8b1a < 5b60ed401b47897352c520bc724c85aa908dedcc
Linux 7b4884ca8853a638df0eb5d251d80d67777b8b1a
Linux 7b4884ca8853a638df0eb5d251d80d67777b8b1a < 85be7ef8c8e792a414940a38d94565dd48d2f236