Vulnerability Database

318,206

Total vulnerabilities in the database

CVE-2025-39902

In the Linux kernel, the following vulnerability has been resolved:

mm/slub: avoid accessing metadata when pointer is invalid in object_err()

object_err() reports details of an object for further debugging, such as the freelist pointer, redzone, etc. However, if the pointer is invalid, attempting to access object metadata can lead to a crash since it does not point to a valid object.

One known path to the crash is when alloc_consistency_checks() determines the pointer to the allocated object is invalid because of a freelist corruption, and calls object_err() to report it. The debug code should report and handle the corruption gracefully and not crash in the process.

In case the pointer is NULL or check_valid_pointer() returns false for the pointer, only print the pointer value and skip accessing metadata.

  • Published: Oct 1, 2025
  • Updated: Jan 17, 2026
  • CVE: CVE-2025-39902
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

Software From Fixed in
linux / linux_kernel 2.6.22 5.4.299
linux / linux_kernel 5.5 5.10.243
linux / linux_kernel 5.11 5.15.192
linux / linux_kernel 5.16 6.1.151
linux / linux_kernel 6.2 6.6.105
linux / linux_kernel 6.7 6.12.46
linux / linux_kernel 6.13 6.16.6
linux / linux_kernel 6.17-rc1 6.17-rc1.x
linux / linux_kernel 6.17-rc2 6.17-rc2.x
linux / linux_kernel 6.17-rc3 6.17-rc3.x
linux / linux_kernel 6.17-rc4 6.17-rc4.x
debian / debian_linux 11.0 11.0.x