{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T15:28:07.504","vulnerabilities":[{"cve":{"id":"CVE-2025-39903","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-10-01T08:15:33.133","lastModified":"2026-01-14T20:16:12.863","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nof_numa: fix uninitialized memory nodes causing kernel panic\n\nWhen there are memory-only nodes (nodes without CPUs), these nodes are not\nproperly initialized, causing kernel panic during boot.\n\nof_numa_init\n\tof_numa_parse_cpu_nodes\n\t\tnode_set(nid, numa_nodes_parsed);\n\tof_numa_parse_memory_nodes\n\nIn of_numa_parse_cpu_nodes, numa_nodes_parsed gets updated only for nodes\ncontaining CPUs.  Memory-only nodes should have been updated in\nof_numa_parse_memory_nodes, but they weren't.\n\nSubsequently, when free_area_init() attempts to access NODE_DATA() for\nthese uninitialized memory nodes, the kernel panics due to NULL pointer\ndereference.\n\nThis can be reproduced on ARM64 QEMU with 1 CPU and 2 memory nodes:\n\nqemu-system-aarch64 \\\n-cpu host -nographic \\\n-m 4G -smp 1 \\\n-machine virt,accel=kvm,gic-version=3,iommu=smmuv3 \\\n-object memory-backend-ram,size=2G,id=mem0 \\\n-object memory-backend-ram,size=2G,id=mem1 \\\n-numa node,nodeid=0,memdev=mem0 \\\n-numa node,nodeid=1,memdev=mem1 \\\n-kernel $IMAGE \\\n-hda $DISK \\\n-append \"console=ttyAMA0 root=/dev/vda rw earlycon\"\n\n[    0.000000] Booting Linux on physical CPU 0x0000000000 [0x481fd010]\n[    0.000000] Linux version 6.17.0-rc1-00001-gabb4b3daf18c-dirty (yintirui@local) (gcc (GCC) 12.3.1, GNU ld (GNU Binutils) 2.41) #52 SMP PREEMPT Mon Aug 18 09:49:40 CST 2025\n[    0.000000] KASLR enabled\n[    0.000000] random: crng init done\n[    0.000000] Machine model: linux,dummy-virt\n[    0.000000] efi: UEFI not found.\n[    0.000000] earlycon: pl11 at MMIO 0x0000000009000000 (options '')\n[    0.000000] printk: legacy bootconsole [pl11] enabled\n[    0.000000] OF: reserved mem: Reserved memory: No reserved-memory node in the DT\n[    0.000000] NODE_DATA(0) allocated [mem 0xbfffd9c0-0xbfffffff]\n[    0.000000] node 1 must be removed before remove section 23\n[    0.000000] Zone ranges:\n[    0.000000]   DMA      [mem 0x0000000040000000-0x00000000ffffffff]\n[    0.000000]   DMA32    empty\n[    0.000000]   Normal   [mem 0x0000000100000000-0x000000013fffffff]\n[    0.000000] Movable zone start for each node\n[    0.000000] Early memory node ranges\n[    0.000000]   node   0: [mem 0x0000000040000000-0x00000000bfffffff]\n[    0.000000]   node   1: [mem 0x00000000c0000000-0x000000013fffffff]\n[    0.000000] Initmem setup node 0 [mem 0x0000000040000000-0x00000000bfffffff]\n[    0.000000] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0\n[    0.000000] Mem abort info:\n[    0.000000]   ESR = 0x0000000096000004\n[    0.000000]   EC = 0x25: DABT (current EL), IL = 32 bits\n[    0.000000]   SET = 0, FnV = 0\n[    0.000000]   EA = 0, S1PTW = 0\n[    0.000000]   FSC = 0x04: level 0 translation fault\n[    0.000000] Data abort info:\n[    0.000000]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[    0.000000]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[    0.000000]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[    0.000000] [00000000000000a0] user address but active_mm is swapper\n[    0.000000] Internal error: Oops: 0000000096000004 [#1]  SMP\n[    0.000000] Modules linked in:\n[    0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.17.0-rc1-00001-g760c6dabf762-dirty #54 PREEMPT\n[    0.000000] Hardware name: linux,dummy-virt (DT)\n[    0.000000] pstate: 800000c5 (Nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[    0.000000] pc : free_area_init+0x50c/0xf9c\n[    0.000000] lr : free_area_init+0x5c0/0xf9c\n[    0.000000] sp : ffffa02ca0f33c00\n[    0.000000] x29: ffffa02ca0f33cb0 x28: 0000000000000000 x27: 0000000000000000\n[    0.000000] x26: 4ec4ec4ec4ec4ec5 x25: 00000000000c0000 x24: 00000000000c0000\n[    0.000000] x23: 0000000000040000 x22: 0000000000000000 x21: ffffa02ca0f3b368\n[    0.000000] x20: ffffa02ca14c7b98 x19: 0000000000000000 x18: 0000000000000002\n[    0.000000] x17: 000000000000cacc x16: 0000000000000001 x15: 0000000000000001\n[    0.000000] x14: 0000000080000000 x13: 0000000000000018 x12: 0000000000000002\n[    0.0\n---truncated---"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"6.12.46","matchCriteriaId":"96546B77-B366-48B1-AAAE-0BD3C9328ECC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.16.6","matchCriteriaId":"548F104C-0F08-438B-9C97-64C903F0C678"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:*","matchCriteriaId":"327D22EF-390B-454C-BD31-2ED23C998A1C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.17:rc2:*:*:*:*:*:*","matchCriteriaId":"C730CD9A-D969-4A8E-9522-162AAF7C0EE9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.17:rc3:*:*:*:*:*:*","matchCriteriaId":"39982C4B-716E-4B2F-8196-FA301F47807D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.17:rc4:*:*:*:*:*:*","matchCriteriaId":"340BEEA9-D70D-4290-B502-FBB1032353B1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c2daa6eb4740720b5bd0e06267d7c93a3eed844e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ee4d098cbc9160f573b5c1b5a51d6158efdb2896","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f3286ad8eeae15fd4bd5c12f9adfe888b26baf62","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}