{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "488ffbf181718b9ad8c1838cb249d60973e78eda"
            },
            {
              "fixed": "220c491490255b656672bb572b18460cd9155926"
            },
            {
              "fixed": "99d4d1a070870aa08163af8ce0522992b7f35d8c"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39699.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/riscv: prevent NULL deref in iova_to_phys\n\nThe riscv_iommu_pte_fetch() function returns either NULL for\nunmapped/never-mapped iova, or a valid leaf pte pointer that\nrequires no further validation.\n\nriscv_iommu_iova_to_phys() failed to handle NULL returns.\nPrevent null pointer dereference in\nriscv_iommu_iova_to_phys(), and remove the pte validation.",
  "id": "CVE-2025-39699",
  "modified": "2026-04-01T23:10:22.031952678Z",
  "published": "2025-09-05T17:21:05.379Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/220c491490255b656672bb572b18460cd9155926"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/99d4d1a070870aa08163af8ce0522992b7f35d8c"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39699.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39699"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.3",
  "summary": "iommu/riscv: prevent NULL deref in iova_to_phys"
}