CVE-2025-39936

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.17.0-rc4+ #1

Description The Linux kernel contained an issue in the crypto/ccp module where the sev platform shutdown locked() function was called with a NULL argument, leading to a NULL pointer dereference during suspend to disk. This occurred because an error pointer was not consistently passed to the function. The issue was addressed by ensuring a pointer to a function-local error variable is passed in the caller. This resulted in proper error reporting during suspension and shutdown of the ccp driver.

Recommendations Update to a version newer than 6.17.0-rc4+ #1.