PT-2025-38560 · Linux+5 · Linux Kernel+5

Published

2025-04-16

·

Updated

2026-05-26

·

CVE-2025-39853

CVSS v3.1

7.1

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains an issue in the i40e driver where an invalid memory access could occur when the MAC list is empty. The list first entry() function does not return NULL, potentially leading to dereferencing an invalid object if the list is empty. This was addressed by using list first entry or null instead of list first entry().
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

NULL Pointer Dereference

Weakness Enumeration

CWE-125CWE-476

Related Identifiers

AZL-67523
AZL-74847
BDU:2025-13679
CVE-2025-39853
DLA-4327-1
DLA-4328-1
DSA-6008-1
DSA-6009-1
ECHO-378C-D0C1-B43E
INFESA-2025_0006
OESA-2025-2465
OESA-2025-2466
OESA-2025-2467
OESA-2026-1341
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03614-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Suse
Ubuntu
I40E