CVE-2025-39990: NULL Pointer Dereference in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 91.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 15

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Check the helper function is valid in get_helper_proto

kernel test robot reported verifier bug [1] where the helper func pointer could be NULL due to disabled config option.

As Alexei suggested we could check on that in get_helper_proto directly.

Marking tail_call helper func with BPF_PTR_POISON, because it is unused by design.

[1] https://lore.kernel.org/oe-lkp/[email protected]

Affected Packages: 13 packages

🔴 Vulnerability Details (3)

OSV: CVE-2025-39990: In the Linux kernel, the following vulnerability has been resolved: bpf: Check the helper function is valid in get_helper_proto kernel test robot repo (2025-10-15)
OSV: bpf: Check the helper function is valid in get_helper_proto (2025-10-15)
GHSA: GHSA-2m9q-5w5g-jwfp: In the Linux kernel, the following vulnerability has been resolved: bpf: Check the helper function is valid in get_helper_proto kernel test robot re (2025-10-15)

📋 Vendor Advisories (3)

Red Hat: kernel: bpf: Check the helper function is valid in get_helper_proto (2025-10-15)
Microsoft: bpf: Check the helper function is valid in get_helper_proto (2025-10-14)
Debian: CVE-2025-39990: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: Check ... (2025)