- CVE-2025-39902
- EPSS 0.03%
- Published 01.10.2025 08:15:32
- Last modified 02.10.2025 19:12:17
- Source 416baaa9-dc9f-4396-8d5f-8c081f
In the Linux kernel, the following vulnerability has been resolved:

mm/slub: avoid accessing metadata when pointer is invalid in object_err()

object_err() reports details of an object for further debugging, such as the freelist pointer, redzone, etc. However, if the pointer is invalid, attempting to access object metadata can lead to a crash since it does not point to a valid object.

One known path to the crash is when alloc_consistency_checks() determines the pointer to the allocated object is invalid because of a freelist corruption, and calls object_err() to report it. The debug code should report and handle the corruption gracefully and not crash in the process.

In case the pointer is NULL or check_valid_pointer() returns false for the pointer, only print the pointer value and skip accessing metadata.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: affected

Version | Bound | Status |
---|---|---|
2.6.22 | | affected |
0 | < 2.6.22 | unaffected |
5.4.299 | <= 5.4.* | unaffected |
5.10.243 | <= 5.10.* | unaffected |
5.15.192 | <= 5.15.* | unaffected |
6.1.151 | <= 6.1.* | unaffected |
6.6.105 | <= 6.6.* | unaffected |
6.12.46 | <= 6.12.* | unaffected |
6.16.6 | <= 6.16.* | unaffected |
6.17 | <= * | unaffected |
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.03% | 0.081 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|