-

CVE-2025-39838

EPSS 0.02%
Veröffentlicht 19.09.2025 15:26:13
Zuletzt bearbeitet 22.09.2025 21:23:01
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

cifs: prevent NULL pointer dereference in UTF16 conversion

There can be a NULL pointer dereference bug here. NULL is passed to
__cifs_sfu_make_node without checks, which passes it unchecked to
cifs_strndup_to_utf16, which in turn passes it to
cifs_local_to_utf16_bytes where '*from' is dereferenced, causing a crash.

This patch adds a check for NULL 'src' in cifs_strndup_to_utf16 and
returns NULL early to prevent dereferencing NULL pointer.

Found by Linux Verification Center (linuxtesting.org) with SVACE

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 65b98a7e65e7a8f3894d8760cd194eaf20504c99

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 1cfa5dd05847137f0fb3ce74ced80c0b4858d716

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 1f797f062b5cf13a1c2bcc23285361baaa7c9260

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 3c26a8d30ed6b53a52a023ec537dc50a6d34a67a

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 70bccd9855dae56942f2b18a08ba137bb54093a0

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version <= 6.1.*

Version 6.1.151

Status unaffected

Version <= 6.6.*

Version 6.6.105

Status unaffected

Version <= 6.12.*

Version 6.12.46

Status unaffected

Version <= 6.16.*

Version 6.16.6

Status unaffected

Version <= *

Version 6.17-rc5

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.048

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/65b98a7e65e7a8f3894d8760cd194eaf20504c99

https://git.kernel.org/stable/c/1cfa5dd05847137f0fb3ce74ced80c0b4858d716

https://git.kernel.org/stable/c/1f797f062b5cf13a1c2bcc23285361baaa7c9260

https://git.kernel.org/stable/c/3c26a8d30ed6b53a52a023ec537dc50a6d34a67a

https://git.kernel.org/stable/c/70bccd9855dae56942f2b18a08ba137bb54093a0

https://nvd.nist.gov/vuln/detail/CVE-2025-39838

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39838

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39838

EUVD