U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2025-39920 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: pcmcia: Add error handling for add_interval() in do_validate_mem() In the do_validate_mem(), the call to add_interval() does not handle errors. If kmalloc() fails in add_interval(), it could result in a null pointer being inserted into the linked list, leading to illegal memory access when sub_interval() is called next. This patch adds an error handling for the add_interval(). If add_interval() returns an error, the function will return early with the error code.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/06b26e3099207c94b3d1be8565aedc6edc4f0a60 kernel.org Patch 
https://git.kernel.org/stable/c/289b58f8ff3198d091074a751d6b8f6827726f3e kernel.org Patch 
https://git.kernel.org/stable/c/369bf6e241506583f4ee7593c53b92e5a9f271b4 kernel.org Patch 
https://git.kernel.org/stable/c/4a81f78caa53e0633cf311ca1526377d9bff7479 kernel.org Patch 
https://git.kernel.org/stable/c/5b60ed401b47897352c520bc724c85aa908dedcc kernel.org Patch 
https://git.kernel.org/stable/c/85be7ef8c8e792a414940a38d94565dd48d2f236 kernel.org Patch 
https://git.kernel.org/stable/c/8699358b6ac99b8ccc97ed9e6e3669ef8958ef7b kernel.org Patch 
https://git.kernel.org/stable/c/ae184024ef31423e5beb44cf4f52999bbcf2fe5b kernel.org Patch 
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html CVE Mailing List  Third Party Advisory 
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html CVE Mailing List  Third Party Advisory 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-476 NULL Pointer Dereference cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

3 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2025-39920
NVD Published Date:
10/01/2025
NVD Last Modified:
01/16/2026
Source:
kernel.org