CVE-2025-39853

In the Linux kernel, the following vulnerability has been resolved:

i40e: Fix potential invalid access when MAC list is empty

list_first_entry() never returns NULL - if the list is empty, it still
returns a pointer to an invalid object, leading to potential invalid
memory access when dereferenced.

Fix this by using list_first_entry_or_null instead of list_first_entry.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
vulnerable
bookworm (security)
vulnerable
trixie
vulnerable
trixie (security)
vulnerable
forky
6.16.7-1
fixed
sid
6.16.7-1
fixed
References
https://git.kernel.org/stable/c/1eadabcf5623f1237a539b16586b4ed8ac8dffcd
https://git.kernel.org/stable/c/3c6fb929afa313d9d11f780451d113f73922fe5d
https://git.kernel.org/stable/c/66e7cdbda74ee823ec2bf7b830ebd235c54f5ddf
https://git.kernel.org/stable/c/971feafe157afac443027acdc235badc6838560b
https://git.kernel.org/stable/c/9c21fc4cebd44dd21016c61261a683af390343f8
https://git.kernel.org/stable/c/a556f06338e1d5a85af0e32ecb46e365547f92b9
https://git.kernel.org/stable/c/e2a5e74879f9b494bbd66fa93f355feacde450c7
https://git.kernel.org/stable/c/fb216d980fae6561c7c70af8ef826faf059c6515