CVE-2025-39856 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-39856 PUBLISHED CVSS 8.699999809265137 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw-nuss: Fix null pointer dereference for ndev In the TX completion packet stage of TI SoCs with CPSW2G instance, which has single external ethernet port, ndev is accessed without being initialized if no TX packets have been processed. It results into null pointer dereference, causing kernel to crash. Fix this by having a check on the number of TX packets which have been processed.

EPSS 0.02% · 4.7th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.02%

4.7th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	6.17, 6.15, 6.15
Linux	Linux	9a369ae3d1431a83589dde57323a04692dd7fc12, 0, 6.16.6

Timeline

Jan 21, 1970 Security Advisory
Sep 19, 2025 CVE Published
Sep 19, 2025 PoC Published
Sep 20, 2025 EPSS Score
Sep 26, 2025 EPSS Score
Oct 3, 2025 EPSS Score
Oct 4, 2025 Coalition ESS Score
Oct 6, 2025 Coalition ESS Score
Oct 9, 2025 EPSS Score
Oct 16, 2025 EPSS Score
Oct 22, 2025 EPSS Score
Oct 27, 2025 Coalition ESS Score

References

Open in Interactive Console →