CVE-2025-39857
published 2025-09-19CVE-2025-39857: In the Linux kernel, the following vulnerability has been resolved: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() BUG: kernel NULL…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
In the Linux kernel, the following vulnerability has been resolved:
net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync()
BUG: kernel NULL pointer dereference, address: 00000000000002ec
PGD 0 P4D 0
Oops: Oops: 0000 [#1] SMP PTI
CPU: 28 UID: 0 PID: 343 Comm: kworker/28:1 Kdump: loaded Tainted: G OE 6.17.0-rc2+ #9 NONE
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
Workqueue: smc_hs_wq smc_listen_work [smc]
RIP: 0010:smc_ib_is_sg_need_sync+0x9e/0xd0 [smc]
...
Call Trace:
smcr_buf_map_link+0x211/0x2a0 [smc]
__smc_buf_create+0x522/0x970 [smc]
smc_buf_create+0x3a/0x110 [smc]
smc_find_rdma_v2_device_serv+0x18f/0x240 [smc]
? smc_vlan_by_tcpsk+0x7e/0xe0 [smc]
smc_listen_find_device+0x1dd/0x2b0 [smc]
smc_listen_work+0x30f/0x580 [smc]
process_one_work+0x18c/0x340
worker_thread+0x242/0x360
kthread+0xe7/0x220
ret_from_fork+0x13a/0x160
ret_from_fork_asm+0x1a/0x30
If the software RoCE device is used, ibdev->dma_device is a null pointer.
As a result, the problem occurs. Null pointer detection is added to
prevent problems.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 0ef69e788411cba2af017db731a9fc62d255e9ac < 0cdf1fd8fc59d44a48c694324611136910301ef9 | 0cdf1fd8fc59d44a48c694324611136910301ef9 |
| linux | linux | >= 0ef69e788411cba2af017db731a9fc62d255e9ac < f18d9b3abf9c6587372cc702f963a7592277ed56 | f18d9b3abf9c6587372cc702f963a7592277ed56 |
| linux | linux | >= 0ef69e788411cba2af017db731a9fc62d255e9ac < eb929910bd4b4165920fa06a87b22cc6cae92e0e | eb929910bd4b4165920fa06a87b22cc6cae92e0e |
| linux | linux | >= 0ef69e788411cba2af017db731a9fc62d255e9ac < 34f17cbe027050b8d5316ea1b6f9bd7c378e92de | 34f17cbe027050b8d5316ea1b6f9bd7c378e92de |
| linux | linux | >= 0ef69e788411cba2af017db731a9fc62d255e9ac < ba1e9421cf1a8369d25c3832439702a015d6b5f9 | ba1e9421cf1a8369d25c3832439702a015d6b5f9 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 6.1.153-1 | 6.1.153-1 |
| linux | linux_kernel | >= 0 < 6.12.48-1 | 6.12.48-1 |
| linux | linux_kernel | >= 0 < 6.16.6-1 | 6.16.6-1 |
| linux | linux_kernel | >= 0 < 6.8.0-106.106 | 6.8.0-106.106 |
| linux | linux_kernel | >= 6.0 < 6.1.151 | 6.1.151 |
| linux | linux_kernel | >= 6.13 < 6.16.6 | 6.16.6 |
| linux | linux_kernel | >= 6.2 < 6.6.105 | 6.6.105 |
| linux | linux_kernel | >= 6.7 < 6.12.46 | 6.12.46 |
| msrc | azl3_kernel_6.6.104.2-4_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.96.2-2_on_azure_linux_3.0 | — | — |
| ubuntu | linux-xilinx | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.5MEDIUM