fkie_nvd - fkie_cve-2025-39699

fkie_cve-2025-39699

Vulnerability from fkie_nvd

Published

2025-09-05 18:15

Modified

2025-09-08 16:25

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: prevent NULL deref in iova_to_phys The riscv_iommu_pte_fetch() function returns either NULL for unmapped/never-mapped iova, or a valid leaf pte pointer that requires no further validation. riscv_iommu_iova_to_phys() failed to handle NULL returns. Prevent null pointer dereference in riscv_iommu_iova_to_phys(), and remove the pte validation.

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/220c491490255b656672bb572b18460cd9155926
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/99d4d1a070870aa08163af8ce0522992b7f35d8c

Impacted products

	Vendor	Product	Version

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/riscv: prevent NULL deref in iova_to_phys\n\nThe riscv_iommu_pte_fetch() function returns either NULL for\nunmapped/never-mapped iova, or a valid leaf pte pointer that\nrequires no further validation.\n\nriscv_iommu_iova_to_phys() failed to handle NULL returns.\nPrevent null pointer dereference in\nriscv_iommu_iova_to_phys(), and remove the pte validation."
    }
  ],
  "id": "CVE-2025-39699",
  "lastModified": "2025-09-08T16:25:38.810",
  "metrics": {},
  "published": "2025-09-05T18:15:46.870",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/220c491490255b656672bb572b18460cd9155926"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/99d4d1a070870aa08163af8ce0522992b7f35d8c"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

CVE-2025-39699 (GCVE-0-2025-39699)

Vulnerability from cvelistv5

Published

2025-09-05 17:21

Modified

2025-09-29 05:57

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: prevent NULL deref in iova_to_phys The riscv_iommu_pte_fetch() function returns either NULL for unmapped/never-mapped iova, or a valid leaf pte pointer that requires no further validation. riscv_iommu_iova_to_phys() failed to handle NULL returns. Prevent null pointer dereference in riscv_iommu_iova_to_phys(), and remove the pte validation.

References

URL

Tags

	https://git.kernel.org/stable/c/220c491490255b656672bb572b18460cd9155926
	https://git.kernel.org/stable/c/99d4d1a070870aa08163af8ce0522992b7f35d8c

Impacted products

Vendor

Product

Version

Version: 488ffbf181718b9ad8c1838cb249d60973e78eda
Version: 488ffbf181718b9ad8c1838cb249d60973e78eda

Version: 6.13

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/iommu/riscv/iommu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "220c491490255b656672bb572b18460cd9155926",
              "status": "affected",
              "version": "488ffbf181718b9ad8c1838cb249d60973e78eda",
              "versionType": "git"
            },
            {
              "lessThan": "99d4d1a070870aa08163af8ce0522992b7f35d8c",
              "status": "affected",
              "version": "488ffbf181718b9ad8c1838cb249d60973e78eda",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/iommu/riscv/iommu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.13"
            },
            {
              "lessThan": "6.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.4",
                  "versionStartIncluding": "6.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "6.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/riscv: prevent NULL deref in iova_to_phys\n\nThe riscv_iommu_pte_fetch() function returns either NULL for\nunmapped/never-mapped iova, or a valid leaf pte pointer that\nrequires no further validation.\n\nriscv_iommu_iova_to_phys() failed to handle NULL returns.\nPrevent null pointer dereference in\nriscv_iommu_iova_to_phys(), and remove the pte validation."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:57:40.204Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/220c491490255b656672bb572b18460cd9155926"
        },
        {
          "url": "https://git.kernel.org/stable/c/99d4d1a070870aa08163af8ce0522992b7f35d8c"
        }
      ],
      "title": "iommu/riscv: prevent NULL deref in iova_to_phys",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39699",
    "datePublished": "2025-09-05T17:21:05.379Z",
    "dateReserved": "2025-04-16T07:20:57.115Z",
    "dateUpdated": "2025-09-29T05:57:40.204Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.