CVE-2025-39920
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
pcmcia: Add error handling for add_interval() in do_validate_mem()
In the do_validate_mem(), the call to add_interval() does not handle errors. If kmalloc() fails in add_interval(), it could result in a null pointer being inserted into the linked list, leading to illegal memory access when sub_interval() is called next.
This patch adds an error handling for the add_interval(). If add_interval() returns an error, the function will return early with the error code.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 7b4884ca8853a638df0eb5d251d80d67777b8b1a < 5b60ed401b47897352c520bc724c85aa908dedcc | affected |
| Linux | Linux | 7b4884ca8853a638df0eb5d251d80d67777b8b1a < ae184024ef31423e5beb44cf4f52999bbcf2fe5b | affected |
| Linux | Linux | 7b4884ca8853a638df0eb5d251d80d67777b8b1a < 85be7ef8c8e792a414940a38d94565dd48d2f236 | affected |
| Linux | Linux | 7b4884ca8853a638df0eb5d251d80d67777b8b1a < 06b26e3099207c94b3d1be8565aedc6edc4f0a60 | affected |
| Linux | Linux | 7b4884ca8853a638df0eb5d251d80d67777b8b1a < 8699358b6ac99b8ccc97ed9e6e3669ef8958ef7b | affected |
| Linux | Linux | 7b4884ca8853a638df0eb5d251d80d67777b8b1a < 289b58f8ff3198d091074a751d6b8f6827726f3e | affected |
| Linux | Linux | 7b4884ca8853a638df0eb5d251d80d67777b8b1a < 369bf6e241506583f4ee7593c53b92e5a9f271b4 | affected |
| Linux | Linux | 7b4884ca8853a638df0eb5d251d80d67777b8b1a < 4a81f78caa53e0633cf311ca1526377d9bff7479 | affected |
| Linux | Linux | 2.6.34 | affected |
| Linux | Linux | 0 < 2.6.34 | unaffected |
| Linux | Linux | 5.4.299 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.243 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.192 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.151 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.105 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.46 <= 6.12.* | unaffected |
| Linux | Linux | 6.16.6 <= 6.16.* | unaffected |
| Linux | Linux | 6.17 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
References
- https://git.kernel.org/stable/c/5b60ed401b47897352c520bc724c85aa908dedcc
- https://git.kernel.org/stable/c/ae184024ef31423e5beb44cf4f52999bbcf2fe5b
- https://git.kernel.org/stable/c/85be7ef8c8e792a414940a38d94565dd48d2f236
- https://git.kernel.org/stable/c/06b26e3099207c94b3d1be8565aedc6edc4f0a60
- https://git.kernel.org/stable/c/8699358b6ac99b8ccc97ed9e6e3669ef8958ef7b
- https://git.kernel.org/stable/c/289b58f8ff3198d091074a751d6b8f6827726f3e
- https://git.kernel.org/stable/c/369bf6e241506583f4ee7593c53b92e5a9f271b4
- https://git.kernel.org/stable/c/4a81f78caa53e0633cf311ca1526377d9bff7479
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.