CVE-2025-39858

Summary

In the Linux kernel, the following vulnerability has been resolved:

eth: mlx4: Fix IS_ERR() vs NULL check bug in mlx4_en_create_rx_ring

Replace NULL check with IS_ERR() check after calling page_pool_create() since this function returns error pointers (ERR_PTR). Using NULL check could lead to invalid pointer dereference.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8533b14b3d65ee666ba31254787c1bdaee56d95a < 7b77d8841a98a9f45c8a615222c698df8dec581caffected
LinuxLinux8533b14b3d65ee666ba31254787c1bdaee56d95a < e580beaf43d563aaf457f1c7f934002355ebfe7baffected
LinuxLinux6.15affected
LinuxLinux0 < 6.15unaffected
LinuxLinux6.16.6 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References