U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2025-39902 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: mm/slub: avoid accessing metadata when pointer is invalid in object_err() object_err() reports details of an object for further debugging, such as the freelist pointer, redzone, etc. However, if the pointer is invalid, attempting to access object metadata can lead to a crash since it does not point to a valid object. One known path to the crash is when alloc_consistency_checks() determines the pointer to the allocated object is invalid because of a freelist corruption, and calls object_err() to report it. The debug code should report and handle the corruption gracefully and not crash in the process. In case the pointer is NULL or check_valid_pointer() returns false for the pointer, only print the pointer value and skip accessing metadata.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/0ef7058b4dc6fcef622ac23b45225db57f17b83f kernel.org Patch 
https://git.kernel.org/stable/c/1f0797f17927b5cad0fb7eced422f9a7c30a3191 kernel.org Patch 
https://git.kernel.org/stable/c/3baa1da473e6e50281324ff1d332d1a07a3bb02e kernel.org Patch 
https://git.kernel.org/stable/c/7e287256904ee796c9477e3ec92b07f236481ef3 kernel.org Patch 
https://git.kernel.org/stable/c/872f2c34ff232af1e65ad2df86d61163c8ffad42 kernel.org Patch 
https://git.kernel.org/stable/c/b4efccec8d06ceb10a7d34d7b1c449c569d53770 kernel.org Patch 
https://git.kernel.org/stable/c/dda6ec365ab04067adae40ef17015db447e90736 kernel.org Patch 
https://git.kernel.org/stable/c/f66012909e7bf383fcdc5850709ed5716073fdc4 kernel.org Patch 
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html CVE Third Party Advisory 
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html CVE Third Party Advisory 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-476 NULL Pointer Dereference cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

3 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2025-39902
NVD Published Date:
10/01/2025
NVD Last Modified:
01/16/2026
Source:
kernel.org