DNA View

CVE-2025-39920

Medium

Low Medium High Critical

5.5

CVSS Score

Published: Oct 01, 2025

Last Modified: Jan 16, 2026

CWE: CWE-476

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved:

pcmcia: Add error handling for add_interval() in do_validate_mem()

In the do_validate_mem(), the call to add_interval() does not
handle errors. If kmalloc() fails in add_interval(), it could
result in a null pointer being inserted into the linked list,
leading to illegal memory access when sub_interval() is called
next.

This patch adds an error handling for the add_interval(). If
add_interval() returns an error, the function will return early
with the error code.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

2 configuration(s) from 2 vendor(s)

debian_linux

Version:

11.0

CPE:

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

linux_kernel

Version:

6.17

CPE:

cpe:2.3:o:linux:linux_kernel:6.17:-:*:*:*:*:*:*

This vulnerability affects 2 software configuration(s). Ensure you patch all affected systems.

Available Security Patches

10 patches available from vendors

View All Patches

Canonical (Ubuntu)

USN-8261-1

USN-8261-1: Linux kernel (Xilinx) vulnerabilities

Severity

Unknown

Released

May 07, 2026

Restart Required

Security Update

View Details Vendor Page

Canonical (Ubuntu)

USN-8165-1

USN-8165-1: Linux kernel (Azure FIPS) vulnerabilities

Severity

Unknown

Released

Apr 09, 2026

Restart Required

Security Update

View Details Vendor Page

Canonical (Ubuntu)

USN-8095-5

USN-8095-5: Linux kernel (Raspberry Pi) vulnerabilities

Severity

Unknown

Released

Apr 01, 2026

Restart Required

Security Update

View Details Vendor Page

Canonical (Ubuntu)

USN-8126-1

USN-8126-1: Linux kernel (Azure) vulnerabilities

Severity

Unknown

Released

Mar 25, 2026

Restart Required

Security Update

View Details Vendor Page

Canonical (Ubuntu)

USN-8125-1

USN-8125-1: Linux kernel (Azure) vulnerabilities

Severity

Unknown

Released

Mar 25, 2026

Restart Required

Security Update

View Details Vendor Page

Canonical (Ubuntu)

USN-8095-4

USN-8095-4: Linux kernel (AWS) vulnerabilities

Severity

Unknown

Released

Mar 23, 2026

Restart Required

Security Update

View Details Vendor Page

Canonical (Ubuntu)

USN-8095-3

USN-8095-3: Linux kernel (Real-time) vulnerabilities

Severity

Unknown

Released

Mar 17, 2026

Restart Required

Security Update

View Details Vendor Page

Canonical (Ubuntu)

USN-8095-2

USN-8095-2: Linux kernel (FIPS) vulnerabilities

Severity

Unknown

Released

Mar 16, 2026

Restart Required

Security Update

View Details Vendor Page

Canonical (Ubuntu)

USN-8100-1

USN-8100-1: Linux kernel (NVIDIA) vulnerabilities

Severity

Unknown

Released

Mar 16, 2026

Restart Required

Security Update

View Details Vendor Page

Canonical (Ubuntu)

USN-8095-1

USN-8095-1: Linux kernel vulnerabilities

Severity

Unknown

Released

Mar 16, 2026

Restart Required

Security Update

View Details Vendor Page

Browse All Security Patches

References & Resources

Severity Details

5.5

out of 10.0

Medium

Weakness Type (CWE)

CWE-476 Top 25 #21

NULL Pointer Dereference

Description: The product dereferences a pointer that it expects to be valid but is NULL.
Exploit Likelihood: Medium
Typical Severity: High
Abstraction Level: Base