CVE-2025-39897

MEDIUM

Linux kernel - Buffer Overflow

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Add error handling for RX metadata pointer retrieval Add proper error checking for dmaengine_desc_get_metadata_ptr() which can return an error pointer and lead to potential crashes or undefined behaviour if the pointer retrieval fails. Properly handle the error by unmapping DMA buffer, freeing the skb and returning early to prevent further processing with invalid data.

References (3)

[Patch] https://git.kernel.org/stable/c/8bbceba7dc5090c00105e006ce28d1292cfda8dd

[Patch] https://git.kernel.org/stable/c/92e2fc92bc4eb2bc0e84404316fbc02ddd0a3196

[Patch] https://git.kernel.org/stable/c/d0ecda6fdd840b406df6617b003b036f65dd8926

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 1.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-476

Status published

Affected Products (7)

linux/linux_kernel < 6.12.46

linux/linux_kernel

linux/Kernel < 6.12.46linux

linux/Kernel < 6.16.6linux

Timeline

Published Oct 01, 2025

Tracked Since Feb 18, 2026