{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-39902","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T07:20:57.146Z","datePublished":"2025-10-01T07:42:49.415Z","dateUpdated":"2026-05-11T21:38:37.041Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:38:37.041Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: avoid accessing metadata when pointer is invalid in object_err()\n\nobject_err() reports details of an object for further debugging, such as\nthe freelist pointer, redzone, etc. However, if the pointer is invalid,\nattempting to access object metadata can lead to a crash since it does\nnot point to a valid object.\n\nOne known path to the crash is when alloc_consistency_checks()\ndetermines the pointer to the allocated object is invalid because of a\nfreelist corruption, and calls object_err() to report it. The debug code\nshould report and handle the corruption gracefully and not crash in the\nprocess.\n\nIn case the pointer is NULL or check_valid_pointer() returns false for\nthe pointer, only print the pointer value and skip accessing metadata."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/slub.c"],"versions":[{"version":"81819f0fc8285a2a5a921c019e3e3d7b6169d225","lessThan":"872f2c34ff232af1e65ad2df86d61163c8ffad42","status":"affected","versionType":"git"},{"version":"81819f0fc8285a2a5a921c019e3e3d7b6169d225","lessThan":"f66012909e7bf383fcdc5850709ed5716073fdc4","status":"affected","versionType":"git"},{"version":"81819f0fc8285a2a5a921c019e3e3d7b6169d225","lessThan":"7e287256904ee796c9477e3ec92b07f236481ef3","status":"affected","versionType":"git"},{"version":"81819f0fc8285a2a5a921c019e3e3d7b6169d225","lessThan":"1f0797f17927b5cad0fb7eced422f9a7c30a3191","status":"affected","versionType":"git"},{"version":"81819f0fc8285a2a5a921c019e3e3d7b6169d225","lessThan":"0ef7058b4dc6fcef622ac23b45225db57f17b83f","status":"affected","versionType":"git"},{"version":"81819f0fc8285a2a5a921c019e3e3d7b6169d225","lessThan":"dda6ec365ab04067adae40ef17015db447e90736","status":"affected","versionType":"git"},{"version":"81819f0fc8285a2a5a921c019e3e3d7b6169d225","lessThan":"3baa1da473e6e50281324ff1d332d1a07a3bb02e","status":"affected","versionType":"git"},{"version":"81819f0fc8285a2a5a921c019e3e3d7b6169d225","lessThan":"b4efccec8d06ceb10a7d34d7b1c449c569d53770","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/slub.c"],"versions":[{"version":"2.6.22","status":"affected"},{"version":"0","lessThan":"2.6.22","status":"unaffected","versionType":"semver"},{"version":"5.4.299","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.243","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.192","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.151","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.105","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.46","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.16.6","lessThanOrEqual":"6.16.*","status":"unaffected","versionType":"semver"},{"version":"6.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"5.4.299"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"5.10.243"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"5.15.192"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"6.1.151"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"6.6.105"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"6.12.46"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"6.16.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"6.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/872f2c34ff232af1e65ad2df86d61163c8ffad42"},{"url":"https://git.kernel.org/stable/c/f66012909e7bf383fcdc5850709ed5716073fdc4"},{"url":"https://git.kernel.org/stable/c/7e287256904ee796c9477e3ec92b07f236481ef3"},{"url":"https://git.kernel.org/stable/c/1f0797f17927b5cad0fb7eced422f9a7c30a3191"},{"url":"https://git.kernel.org/stable/c/0ef7058b4dc6fcef622ac23b45225db57f17b83f"},{"url":"https://git.kernel.org/stable/c/dda6ec365ab04067adae40ef17015db447e90736"},{"url":"https://git.kernel.org/stable/c/3baa1da473e6e50281324ff1d332d1a07a3bb02e"},{"url":"https://git.kernel.org/stable/c/b4efccec8d06ceb10a7d34d7b1c449c569d53770"}],"title":"mm/slub: avoid accessing metadata when pointer is invalid in object_err()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:44:33.198Z"}}]}}