In the Linux kernel, the following vulnerability has been resolved: pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() In __iodyn_find_io_region(), pcmcia_make_resource() is assigned to res and used in pci_bus_alloc_resource(). There is a dereference of res in pci_bus_alloc_resource(), which could lead to a NULL pointer dereference on failure of pcmcia_make_resource(). Fix this bug by adding a check of res.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00032.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Linux
  • Linux Kernel
References
Link Providers
https://git.kernel.org/stable/c/2ee32c4c4f636e474cd8ab7c19a68cf36072ea93 cve-icon cve-icon
https://git.kernel.org/stable/c/44822df89e8f3386871d9cad563ece8e2fd8f0e7 cve-icon cve-icon
https://git.kernel.org/stable/c/4bd570f494124608a0696da070f00236a96fb610 cve-icon cve-icon
https://git.kernel.org/stable/c/5ff2826c998370bf7f9ae26fe802140d220e3510 cve-icon cve-icon
https://git.kernel.org/stable/c/b990c8c6ff50649ad3352507398e443b1e3527b2 cve-icon cve-icon
https://git.kernel.org/stable/c/ce3b7766276894d2fbb07e2047a171f9deb965de cve-icon cve-icon
https://git.kernel.org/stable/c/d7286005e8fde0a430dc180a9f46c088c7d74483 cve-icon cve-icon
https://git.kernel.org/stable/c/fafa7450075f41d232bc785a4ebcbf16374f2076 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025091903-CVE-2025-39846-0d36@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-39846 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-39846 cve-icon
History

Mon, 22 Sep 2025 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Vendors & Products Linux
Linux linux Kernel

Sat, 20 Sep 2025 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Fri, 19 Sep 2025 15:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() In __iodyn_find_io_region(), pcmcia_make_resource() is assigned to res and used in pci_bus_alloc_resource(). There is a dereference of res in pci_bus_alloc_resource(), which could lead to a NULL pointer dereference on failure of pcmcia_make_resource(). Fix this bug by adding a check of res.
Title pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-09-29T06:00:56.145Z

Reserved: 2025-04-16T07:20:57.141Z

Link: CVE-2025-39846

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-09-19T16:15:43.397

Modified: 2025-09-22T21:23:01.543

Link: CVE-2025-39846

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-09-19T00:00:00Z

Links: CVE-2025-39846 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2025-09-22T10:06:18Z