VDB

CISA-2025-39897

CISA-2025-39897 PUBLISHED CVSS 5.5 MEDIUM

Reported by Linux · Published October 1, 2025

In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Add error handling for RX metadata pointer retrieval Add proper error checking for dmaengine_desc_get_metadata_ptr() which can return an error pointer and lead to potential crashes or undefined behaviour if the pointer retrieval fails. Properly handle the error by unmapping DMA buffer, freeing the skb and returning early to prevent further processing with invalid data.

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
LinuxLinux6a91b846af85a24241decd686269e8e038eb13d1, 6a91b846af85a24241decd686269e8e038eb13d1, 6a91b846af85a24241decd686269e8e038eb13d1
LinuxLinux6.8, 0, 6.12.46
linuxlinux_kernel6.8, 6.8, 6.8
LinuxLinux*, 6a91b846af85a24241decd686269e8e038eb13d1, 6a91b846af85a24241decd686269e8e038eb13d1

Timeline

  • Oct 1, 2025 CVE Published
  • Jan 14, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›