Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-39678
CVE-2025-39678:
Linux Kernel vulnerability analysis and mitigation
Overview
CVE-2025-39678 is a vulnerability discovered in the Linux kernel affecting the AMD HSMP (Host System Management Port) driver. The vulnerability was disclosed on September 5, 2025, and involves a NULL pointer dereference issue in the platform/x86/amd/hsmp component when accessing metrics without proper validation of the metric table address (NVD).
Technical details
The vulnerability occurs in the AMD HSMP driver when accessing the metricsbin without properly validating that sock->metrictbladdr is non-NULL. If the metric table address is not allocated, attempting to access metricsbin results in a NULL pointer dereference (NVD).
Impact
A NULL pointer dereference can occur in the AMD HSMP driver when the metric table address is not properly validated, potentially leading to system crashes or denial of service conditions (Red Hat).
Mitigation and workarounds
The vulnerability has been resolved by adding a check to ensure sock->metrictbladdr is non-NULL before accessing metrics_bin. The fix is available through kernel updates (NVD).
Additional resources
Source: This report was generated using AI
Related Linux Kernel vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management