CVE-2025-39857

5.5 MEDIUM

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's SMC (Shared Memory Communications) module allows local attackers to cause a kernel panic (denial of service) when using software RoCE (RDMA over Converged Ethernet) devices. This affects Linux systems with the SMC module loaded and configured to use software RoCE. The vulnerability is triggered during network connection handling, potentially disrupting system stability.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel releases before the fix commits, including 6.17.0-rc2 and earlier stable releases that carry the vulnerable code.
Operating Systems: Linux distributions using affected kernel versions with SMC support enabled.
Default Config Vulnerable: ✅ No
Notes: Vulnerability is specific to configurations where the SMC module is loaded and software RoCE devices are used; not all systems are affected by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash and denial of service, requiring a reboot to restore functionality.

🟠 Likely Case: Local denial of service via kernel panic when software RoCE is used with SMC, causing temporary unavailability.

🟢 If Mitigated: Minimal impact if the SMC module is not loaded or software RoCE is disabled; systems remain stable.

🌐 Internet-Facing: LOW, as exploitation requires local access to trigger the kernel panic via the SMC module.
🏢 Internal Only: MEDIUM, as internal users or processes with local access could exploit this to cause denial of service, especially in environments using software RoCE with SMC.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of triggering the SMC module with software RoCE; no public exploits are known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits such as 0cdf1fd8fc59d44a48c694324611136910301ef9 and others listed in references.

Vendor Advisory: https://git.kernel.org/stable/c/0cdf1fd8fc59d44a48c694324611136910301ef9

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version that includes the fix (e.g., apply patches from stable kernel trees).
2. Reboot the system to load the new kernel.
3. Verify the fix by checking kernel logs for absence of the NULL pointer dereference.

🔧 Temporary Workarounds

Disable SMC module

Linux

Unload the SMC kernel module to prevent exploitation; note that this disables SMC functionality on the host.

sudo rmmod smc

Avoid software RoCE usage

Linux

Configure systems to not use software RoCE devices with SMC, reducing the attack surface.

Check and modify network configurations to disable software RoCE if possible.

🧯 If You Can't Patch

  • Restrict local access to systems to trusted users only to reduce exploitation risk.
  • Monitor kernel logs for signs of crashes or NULL pointer dereferences related to SMC and take corrective actions if detected.

🔍 How to Verify

Check if Vulnerable:

Check whether the SMC module is loaded and whether the running kernel predates the fix: use 'lsmod | grep smc' to see the module state and 'uname -r' to compare the running version against the patched releases.

Check Version:

uname -r

Verify Fix Applied:

After patching, ensure the kernel version includes the fix commit and test SMC functionality with software RoCE to confirm no crashes occur.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages mentioning 'smc_ib_is_sg_need_sync' or NULL pointer dereference at address 00000000000002ec in system logs (e.g., /var/log/kern.log).

Network Indicators:

  • Unusual network disruptions or SMC connection failures that could indicate exploitation attempts.

SIEM Query:

Example query for syslog (parenthesised so the OR does not swallow the source filter): 'event_source="kernel" AND (message CONTAINS "smc_ib_is_sg_need_sync" OR message CONTAINS "NULL pointer dereference")'
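The two checks above (is this host exposed, and do its kernel logs show the indicators) can be scripted for fleet triage. The POSIX shell helpers below are an added example, not part of this advisory or of the kernel project: smc_exposure classifies lsmod-style output, and scan_klog / count_indicators apply the log indicators from this section. The lsmod and kernel log samples are constructed, and the software RoCE provider module names rdma_rxe and siw are assumed from upstream Linux rather than taken from the advisory.

```shell
#!/bin/sh
# Added triage helpers for CVE-2025-39857 (example code, not from the advisory).
# Assumption: lsmod-style input is "name size used-by" per line; the software
# RoCE provider modules are assumed to be rdma_rxe and siw (upstream names).

# Constructed sample of `lsmod` output (not captured from a real host).
SAMPLE_LSMOD='smc                   262144  1 smc_diag
rdma_rxe              114688  0
ib_core               487424  3 rdma_rxe,smc,ib_uverbs
ext4                  999424  1'

# Constructed sample kernel log lines (not captured from a real host).
SAMPLE_KLOG='Jan 10 12:00:01 host kernel: smc: SMC-R connection established
Jan 10 12:00:05 host kernel: BUG: kernel NULL pointer dereference, address: 00000000000002ec
Jan 10 12:00:05 host kernel: RIP: 0010:smc_ib_is_sg_need_sync+0x2a/0x60 [smc]
Jan 10 12:00:09 host kernel: eth0: link up'

# smc_exposure: reads lsmod-style text on stdin and prints one of
#   exposed     - smc loaded together with a software RoCE provider
#   smc-only    - smc loaded, but no software RoCE provider seen
#   not-loaded  - smc not loaded at all
smc_exposure() {
    input=$(cat)
    if ! printf '%s\n' "$input" | awk '$1 == "smc" { found = 1 } END { exit !found }'; then
        echo not-loaded
        return 0
    fi
    if printf '%s\n' "$input" | awk '$1 == "rdma_rxe" || $1 == "siw" { found = 1 } END { exit !found }'; then
        echo exposed
    else
        echo smc-only
    fi
}

# scan_klog: reads kernel log text on stdin and prints each line matching the
# advisory's indicators: the crashing function name, or a NULL pointer
# dereference at offset 0x2ec (leading zeros tolerated, no trailing hex digit).
scan_klog() {
    grep -E 'smc_ib_is_sg_need_sync|NULL pointer dereference, address: 0*2ec([^0-9a-f]|$)' || true
}

# count_indicators: number of indicator lines on stdin (0 when the log is clean),
# suitable for an alert threshold.
count_indicators() {
    scan_klog | grep -c . || true
}

# Run the helpers on the constructed samples when executed directly.
printf '%s\n' "$SAMPLE_LSMOD" | smc_exposure
printf '%s\n' "$SAMPLE_KLOG" | scan_klog
```

On a live host, feed real data instead of the samples: `lsmod | smc_exposure` for the exposure class, and `journalctl -k --no-pager | count_indicators` (or the kern.log file) for the indicator count. A host reporting "exposed" on an unpatched kernel is the one to patch or to apply the module workaround on first.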

🔗 References
