CVE-2025-39755: 
Linux Ubuntu vulnerability analysis and mitigation

In the Linux kernel, a vulnerability was discovered in the staging gpib driver's cb7210 pcmcia component. The issue was disclosed on April 18, 2025, and affects Linux kernel versions from 6.13 up to 6.13.11 and from 6.14 up to 6.14.2. The vulnerability stems from improper initialization of the pcmcia_driver struct name field (NVD).

The vulnerability occurs because the pcmciadriver struct was only using the old .name initialization in the drv field. This implementation flaw leads to a NULL pointer dereference in the strcmp function when called from pcmciaregister_driver. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access requirements and potential for high availability impact (NVD, Red Hat).

The vulnerability can result in a system crash due to NULL pointer dereference, affecting system availability. The impact is limited to local attacks and requires low privileges to exploit, with no direct impact on confidentiality or integrity of the system (NVD).

The vulnerability has been fixed by properly initializing the pcmcia_driver struct name field. Users should upgrade to Linux kernel version 6.13.11 or 6.14.2 or later versions that contain the fix (Ubuntu).