CVE-2025-39853 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

i40e: Fix potential invalid access when MAC list is empty

list_first_entry() never returns NULL - if the list is empty, it still
returns a pointer to an invalid object, leading to potential invalid
memory access when dereferenced.

Fix this by using list_first_entry_or_null instead of list_first_entry.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/1eadabcf5623f1237a539b16586b4ed8ac8dffcd
https://git.kernel.org/stable/c/3c6fb929afa313d9d11f780451d113f73922fe5d
https://git.kernel.org/stable/c/66e7cdbda74ee823ec2bf7b830ebd235c54f5ddf
https://git.kernel.org/stable/c/971feafe157afac443027acdc235badc6838560b
https://git.kernel.org/stable/c/9c21fc4cebd44dd21016c61261a683af390343f8
https://git.kernel.org/stable/c/a556f06338e1d5a85af0e32ecb46e365547f92b9
https://git.kernel.org/stable/c/e2a5e74879f9b494bbd66fa93f355feacde450c7
https://git.kernel.org/stable/c/fb216d980fae6561c7c70af8ef826faf059c6515

History

Fri, 19 Sep 2025 15:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: i40e: Fix potential invalid access when MAC list is empty list_first_entry() never returns NULL - if the list is empty, it still returns a pointer to an invalid object, leading to potential invalid memory access when dereferenced. Fix this by using list_first_entry_or_null instead of list_first_entry.
Title		i40e: Fix potential invalid access when MAC list is empty
References		https://git.kernel.org/stable/c/1eadabcf5623f1237a539b16586b4ed8ac8dffcd https://git.kernel.org/stable/c/3c6fb929afa313d9d11f780451d113f73922fe5d https://git.kernel.org/stable/c/66e7cdbda74ee823ec2bf7b830ebd235c54f5ddf https://git.kernel.org/stable/c/971feafe157afac443027acdc235badc6838560b https://git.kernel.org/stable/c/9c21fc4cebd44dd21016c61261a683af390343f8 https://git.kernel.org/stable/c/a556f06338e1d5a85af0e32ecb46e365547f92b9 https://git.kernel.org/stable/c/e2a5e74879f9b494bbd66fa93f355feacde450c7 https://git.kernel.org/stable/c/fb216d980fae6561c7c70af8ef826faf059c6515

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-09-19T15:26:25.101Z

Updated: 2025-09-19T15:26:25.101Z

Reserved: 2025-04-16T07:20:57.142Z

Link: CVE-2025-39853

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-09-19T16:15:44.213

Modified: 2025-09-19T16:15:44.213

Link: CVE-2025-39853

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object