CVE-2025-39856 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 94.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedSep 19

Latest updateSep 22

Description

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw-nuss: Fix null pointer dereference for ndev In the TX completion packet stage of TI SoCs with CPSW2G instance, which has single external ethernet port, ndev is accessed without being initialized if no TX packets have been processed. It results into null pointer dereference, causing kernel to crash. Fix this by having a check on the number of TX packets which have been processed.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel6.15 — 6.16.6+1

▶Debianlinux/linux_kernel< 6.16.6-1

▶CVEListV5linux/linux9a369ae3d1431a83589dde57323a04692dd7fc12 — 485302905bada953aadfe063320d73c892a66cbb+2

▶debiandebian/linux< linux 6.16.6-1 (forky)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-5m54-qph5-4wvp: In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw-nuss: Fix null pointer dereference for ndev In the↗2025-09-22

▶

OSV

CVE-2025-39856: In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw-nuss: Fix null pointer dereference for ndev In the TX↗2025-09-19

▶

📋Vendor Advisories

Red Hat

kernel: net: ethernet: ti: am65-cpsw-nuss: Fix null pointer dereference for ndev↗2025-09-19

▶

Debian

CVE-2025-39856: linux - In the Linux kernel, the following vulnerability has been resolved: net: ethern...↗2025

▶