CVE-2025-39846 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference25 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 96.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedSep 19

Latest updateApr 9

Description

In the Linux kernel, the following vulnerability has been resolved: pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() In __iodyn_find_io_region(), pcmcia_make_resource() is assigned to res and used in pci_bus_alloc_resource(). There is a dereference of res in pci_bus_alloc_resource(), which could lead to a NULL pointer dereference on failure of pcmcia_make_resource(). Fix this bug by adding a check of res.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDlinux/linux_kernel2.6.35 — 5.4.299+7

▶Debianlinux/linux_kernel< 5.10.244-1+3

▶CVEListV5linux/linux49b1153adfe18a3cce7e70aa26c690f275917cd0 — b990c8c6ff50649ad3352507398e443b1e3527b2+8

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-7jhx-j65p-qc96: In the Linux kernel, the following vulnerability has been resolved: pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() In __iodyn_fi↗2025-09-22

▶

OSV

CVE-2025-39846: In the Linux kernel, the following vulnerability has been resolved: pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() In __iodyn_find↗2025-09-19

▶

CVEList

pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()↗2025-09-19

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure FIPS) vulnerabilities↗2026-04-09

▶

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2026-04-01

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-03-25

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-03-25

▶

Ubuntu

Linux kernel (AWS) vulnerabilities↗2026-03-23

▶