ghsa-27rc-rcpv-8mr7
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
mm/slub: avoid accessing metadata when pointer is invalid in object_err()
object_err() reports details of an object for further debugging, such as the freelist pointer, redzone, etc. However, if the pointer is invalid, attempting to access object metadata can lead to a crash since it does not point to a valid object.
One known path to the crash is when alloc_consistency_checks() determines the pointer to the allocated object is invalid because of a freelist corruption, and calls object_err() to report it. The debug code should report and handle the corruption gracefully and not crash in the process.
In case the pointer is NULL or check_valid_pointer() returns false for the pointer, only print the pointer value and skip accessing metadata.
{
"affected": [],
"aliases": [
"CVE-2025-39902"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T08:15:32Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: avoid accessing metadata when pointer is invalid in object_err()\n\nobject_err() reports details of an object for further debugging, such as\nthe freelist pointer, redzone, etc. However, if the pointer is invalid,\nattempting to access object metadata can lead to a crash since it does\nnot point to a valid object.\n\nOne known path to the crash is when alloc_consistency_checks()\ndetermines the pointer to the allocated object is invalid because of a\nfreelist corruption, and calls object_err() to report it. The debug code\nshould report and handle the corruption gracefully and not crash in the\nprocess.\n\nIn case the pointer is NULL or check_valid_pointer() returns false for\nthe pointer, only print the pointer value and skip accessing metadata.",
"id": "GHSA-27rc-rcpv-8mr7",
"modified": "2025-11-03T18:31:44Z",
"published": "2025-10-01T09:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39902"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0ef7058b4dc6fcef622ac23b45225db57f17b83f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1f0797f17927b5cad0fb7eced422f9a7c30a3191"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3baa1da473e6e50281324ff1d332d1a07a3bb02e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7e287256904ee796c9477e3ec92b07f236481ef3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/872f2c34ff232af1e65ad2df86d61163c8ffad42"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b4efccec8d06ceb10a7d34d7b1c449c569d53770"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dda6ec365ab04067adae40ef17015db447e90736"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f66012909e7bf383fcdc5850709ed5716073fdc4"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.