ghsa-3gqp-rpmv-vmwg
Vulnerability from github
Published
2025-10-01 09:30
Modified
2025-11-03 18:31
Details

In the Linux kernel, the following vulnerability has been resolved:

pcmcia: Add error handling for add_interval() in do_validate_mem()

In the do_validate_mem(), the call to add_interval() does not handle errors. If kmalloc() fails in add_interval(), it could result in a null pointer being inserted into the linked list, leading to illegal memory access when sub_interval() is called next.

This patch adds an error handling for the add_interval(). If add_interval() returns an error, the function will return early with the error code.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-39920"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T08:15:35Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npcmcia: Add error handling for add_interval() in do_validate_mem()\n\nIn the do_validate_mem(), the call to add_interval() does not\nhandle errors. If kmalloc() fails in add_interval(), it could\nresult in a null pointer being inserted into the linked list,\nleading to illegal memory access when sub_interval() is called\nnext.\n\nThis patch adds an error handling for the add_interval(). If\nadd_interval() returns an error, the function will return early\nwith the error code.",
  "id": "GHSA-3gqp-rpmv-vmwg",
  "modified": "2025-11-03T18:31:44Z",
  "published": "2025-10-01T09:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39920"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/06b26e3099207c94b3d1be8565aedc6edc4f0a60"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/289b58f8ff3198d091074a751d6b8f6827726f3e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/369bf6e241506583f4ee7593c53b92e5a9f271b4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4a81f78caa53e0633cf311ca1526377d9bff7479"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5b60ed401b47897352c520bc724c85aa908dedcc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/85be7ef8c8e792a414940a38d94565dd48d2f236"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8699358b6ac99b8ccc97ed9e6e3669ef8958ef7b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ae184024ef31423e5beb44cf4f52999bbcf2fe5b"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.