PT-2025-40071 · Xilinx+4 · Xilinx Axienet+4

Published: 2025-09-03 · Updated: 2026-04-20 · CVE-2025-39897

CVSS v2.0: 5.7 (Medium)

Vector: AV:L/AC:L/Au:S/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A flaw exists in the Linux kernel's networking subsystem, specifically within the Xilinx Axienet driver. Insufficient error handling during retrieval of RX metadata pointers can lead to crashes or unpredictable behavior. The issue arises when dmaengine_desc_get_metadata_ptr() fails to obtain a valid pointer. The fix involves adding error checking, unmapping DMA buffers, freeing the skb, and preventing further processing with invalid data.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2025-15263
CVE-2025-39897
OPENSUSE-SU-2025:20172-1
SUSE-SU-2026:20012-1
SUSE-SU-2026:20015-1
SUSE-SU-2026:20021-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Ubuntu
Xilinx Axienet