CVE-2025-39934 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ If the interrupt occurs before resource initialization is complete, the interrupt handler/worker may access uninitialized data such as the I2C tcpc_client device, potentially leading to NULL pointer dereference.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0da73f7827691a5e2265b110d5fe12f29535ec92
https://git.kernel.org/stable/c/15a77e1ab0a994d69b471c76b8d01117128dda26
https://git.kernel.org/stable/c/1a7ea294d57fb61485d11b3f2241d631d73025cb
https://git.kernel.org/stable/c/51a501e990a353a4f15da6bab295b28e5d118f64
https://git.kernel.org/stable/c/a10f910c77f280327b481e77eab909934ec508f0
https://git.kernel.org/stable/c/f9a089d0a6d537d0f2061c8a37a7de535ce0310e
https://lore.kernel.org/linux-cve-announce/2025100417-CVE-2025-39934-4c48@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-39934
https://www.cve.org/CVERecord?id=CVE-2025-39934

History

Mon, 06 Oct 2025 22:45:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025100417-CVE-2025-39934-4c48@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-39934 https://www.cve.org/CVERecord?id=CVE-2025-39934
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Mon, 06 Oct 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Sat, 04 Oct 2025 07:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ If the interrupt occurs before resource initialization is complete, the interrupt handler/worker may access uninitialized data such as the I2C tcpc_client device, potentially leading to NULL pointer dereference.
Title		drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ
References		https://git.kernel.org/stable/c/0da73f7827691a5e2265b110d5fe12f29535ec92 https://git.kernel.org/stable/c/15a77e1ab0a994d69b471c76b8d01117128dda26 https://git.kernel.org/stable/c/1a7ea294d57fb61485d11b3f2241d631d73025cb https://git.kernel.org/stable/c/51a501e990a353a4f15da6bab295b28e5d118f64 https://git.kernel.org/stable/c/a10f910c77f280327b481e77eab909934ec508f0 https://git.kernel.org/stable/c/f9a089d0a6d537d0f2061c8a37a7de535ce0310e

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-10-04T07:30:58.284Z

Updated: 2025-10-04T07:37:00.467Z

Reserved: 2025-04-16T07:20:57.148Z

Link: CVE-2025-39934

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-10-04T08:15:46.210

Modified: 2025-10-06T14:56:47.823

Link: CVE-2025-39934

Redhat

Severity : Moderate

Publid Date: 2025-10-04T00:00:00Z

Links: CVE-2025-39934 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object