CVE-2025-39676NULL Pointer Dereference in Linux

CWE-476NULL Pointer DereferenceCWE-394Unexpected Status Code or Return Value30 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 96.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 5
Latest updateMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Prevent a potential error pointer dereference The qla4xxx_get_ep_fwdb() function is supposed to return NULL on error, but qla4xxx_ep_connect() returns error pointers. Propagating the error pointers will lead to an Oops in the caller, so change the error pointers to NULL.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDlinux/linux_kernel3.2.15.4.297+8
Debianlinux/linux_kernel< 5.10.244-1+3
CVEListV5linux/linux13483730a13bef372894aefcf73760f5c6c297bed0225f41ee70611ca88ccb22c8542ecdfa7faea8+8

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
GHSA
GHSA-2m84-5929-4fcx: In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Prevent a potential error pointer dereference The qla4xxx_get_ep_2025-09-05
CVEList
scsi: qla4xxx: Prevent a potential error pointer dereference2025-09-05
OSV
CVE-2025-39676: In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Prevent a potential error pointer dereference The qla4xxx_get_ep_fw2025-09-05

📋Vendor Advisories

26
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Xilinx) vulnerabilities2026-02-24
Ubuntu
Linux kernel (IBM) vulnerabilities2026-02-24
CVE-2025-39676 — NULL Pointer Dereference in Linux | cvebase