SB2025100152 - NULL pointer dereference in Linux kernel pcmcia driver
Published: October 1, 2025
Security Bulletin ID
SB2025100152
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-39920)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the do_validate_mem() function in drivers/pcmcia/rsrc_nonstatic.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/06b26e3099207c94b3d1be8565aedc6edc4f0a60
- https://git.kernel.org/stable/c/289b58f8ff3198d091074a751d6b8f6827726f3e
- https://git.kernel.org/stable/c/369bf6e241506583f4ee7593c53b92e5a9f271b4
- https://git.kernel.org/stable/c/4a81f78caa53e0633cf311ca1526377d9bff7479
- https://git.kernel.org/stable/c/5b60ed401b47897352c520bc724c85aa908dedcc
- https://git.kernel.org/stable/c/85be7ef8c8e792a414940a38d94565dd48d2f236
- https://git.kernel.org/stable/c/8699358b6ac99b8ccc97ed9e6e3669ef8958ef7b
- https://git.kernel.org/stable/c/ae184024ef31423e5beb44cf4f52999bbcf2fe5b