CVE-2025-39920
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-39920
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39920.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39920
- Downstream
- Related
- Published
- 2025-10-01T07:55:15.731Z
- Modified
- 2025-11-28T02:34:42.896077Z
- Summary
- pcmcia: Add error handling for add_interval() in do_validate_mem()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
pcmcia: Add error handling for addinterval() in dovalidate_mem()
In the dovalidatemem(), the call to addinterval() does not handle errors. If kmalloc() fails in addinterval(), it could result in a null pointer being inserted into the linked list, leading to illegal memory access when sub_interval() is called next.
This patch adds an error handling for the addinterval(). If addinterval() returns an error, the function will return early with the error code.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39920.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/06b26e3099207c94b3d1be8565aedc6edc4f0a60
- https://git.kernel.org/stable/c/289b58f8ff3198d091074a751d6b8f6827726f3e
- https://git.kernel.org/stable/c/369bf6e241506583f4ee7593c53b92e5a9f271b4
- https://git.kernel.org/stable/c/4a81f78caa53e0633cf311ca1526377d9bff7479
- https://git.kernel.org/stable/c/5b60ed401b47897352c520bc724c85aa908dedcc
- https://git.kernel.org/stable/c/85be7ef8c8e792a414940a38d94565dd48d2f236
- https://git.kernel.org/stable/c/8699358b6ac99b8ccc97ed9e6e3669ef8958ef7b
- https://git.kernel.org/stable/c/ae184024ef31423e5beb44cf4f52999bbcf2fe5b
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39920.json
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-39920
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced7b4884ca8853a638df0eb5d251d80d67777b8b1aFixed5b60ed401b47897352c520bc724c85aa908dedccFixedae184024ef31423e5beb44cf4f52999bbcf2fe5bFixed85be7ef8c8e792a414940a38d94565dd48d2f236Fixed06b26e3099207c94b3d1be8565aedc6edc4f0a60Fixed8699358b6ac99b8ccc97ed9e6e3669ef8958ef7bFixed289b58f8ff3198d091074a751d6b8f6827726f3eFixed369bf6e241506583f4ee7593c53b92e5a9f271b4Fixed4a81f78caa53e0633cf311ca1526377d9bff7479
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced2.6.34Fixed5.4.299
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.243
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.192
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.151
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.105
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.46
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.16.6