CVE-2025-40011
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-20

Last updated on: 2025-10-21

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix null dereference in hdmi teardown pci_set_drvdata sets the value of pdev->driver_data to NULL, after which the driver_data obtained from the same dev is dereferenced in oaktrail_hdmi_i2c_exit, and the i2c_dev is extracted from it. To prevent this, swap these calls. Found by Linux Verification Center (linuxtesting.org) with Svacer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-20
Last Modified
2025-10-21
Generated
2026-06-16
AI Q&A
2025-10-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40011
EUVD
EUVD-2025-35069
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's drm/gma500 driver involves a null pointer dereference during HDMI teardown. Specifically, pci_set_drvdata sets the device's driver_data to NULL, but then the code attempts to dereference this now NULL driver_data in the oaktrail_hdmi_i2c_exit function to extract the i2c_dev, which can cause a crash or unexpected behavior. The fix involves swapping the calls to avoid dereferencing NULL.

Impact Analysis

This vulnerability can cause the Linux kernel to crash or behave unexpectedly during HDMI teardown on affected hardware, potentially leading to denial of service or system instability.

Mitigation Strategies

Apply the patch or update to the fixed version of the Linux kernel that resolves the drm/gma500 null dereference issue in hdmi teardown by swapping the calls in oaktrail_hdmi_i2c_exit to prevent dereferencing NULL driver_data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40011. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart