PT-2025-40076 · Linux+4 · Linux Kernel+4

Published

2025-01-01

·

Updated

2026-05-26

·

CVE-2025-39902

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A flaw exists in the Linux kernel’s mm/slub subsystem within the object err() function. This function is designed to report object details for debugging purposes, including freelist pointers and redzones. However, if provided with an invalid pointer, accessing object metadata can cause a system crash. This occurs because the function attempts to access memory locations that are not valid, particularly when alloc consistency checks() detects pointer invalidity due to freelist corruption. The issue arises when the function does not gracefully handle invalid pointers, leading to a crash instead of reporting the corruption.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Allocation of Resources Without Limits

Weakness Enumeration

CWE-476CWE-770

Related Identifiers

AZL-68019
BDU:2025-15669
CVE-2025-39902
DLA-4327-1
DLA-4328-1
ECHO-A00E-4A0A-9192
OESA-2026-1566
OESA-2026-1567
OESA-2026-1568
OESA-2026-1569
OESA-2026-1570
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:21040-1
SUSE-SU-2025:21052-1
SUSE-SU-2025:21056-1
SUSE-SU-2025:21064-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4128-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4140-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4301-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Suse
Ubuntu