CVE-2025-40011
BaseFortify
Publication date: 2025-10-20
Last updated on: 2025-10-21
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's drm/gma500 driver involves a null pointer dereference during HDMI teardown. Specifically, pci_set_drvdata sets the device's driver_data to NULL, but then the code attempts to dereference this now NULL driver_data in the oaktrail_hdmi_i2c_exit function to extract the i2c_dev, which can cause a crash or unexpected behavior. The fix involves swapping the calls to avoid dereferencing NULL.
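The ordering problem described above, as an added userspace model (not the kernel source and not code from this page). The `*_model` structs, `set_drvdata`, `hdmi_i2c_exit` and `hdmi_teardown` are hypothetical stand-ins, and the model returns -1 at the point where the kernel would dereference NULL.

```c
#include <stddef.h>
#include <stdlib.h>

/* Userspace stand-ins (assumptions) for the kernel objects named above. */
struct i2c_dev_model { int adapter_id; };
struct hdmi_dev_model { struct i2c_dev_model *i2c_dev; };
struct pci_dev_model { void *driver_data; };

/* Models pci_set_drvdata(): stores the driver's private pointer on the device. */
static void set_drvdata(struct pci_dev_model *pdev, void *data) { pdev->driver_data = data; }

/* Models oaktrail_hdmi_i2c_exit(): reads driver_data, then extracts i2c_dev.
 * The kernel has no NULL check here; the model reports -1 instead of crashing. */
static int hdmi_i2c_exit(struct pci_dev_model *pdev)
{
    struct hdmi_dev_model *hdmi = pdev->driver_data;
    if (hdmi == NULL)
        return -1;              /* kernel: hdmi->i2c_dev on NULL, i.e. an oops */
    free(hdmi->i2c_dev);
    hdmi->i2c_dev = NULL;
    return 0;
}

/* order_fixed == 0: clear driver_data, then run the i2c exit (pre-fix order).
 * order_fixed == 1: run the i2c exit, then clear driver_data (swapped order). */
int hdmi_teardown(int order_fixed)
{
    struct pci_dev_model pdev = { 0 };
    struct hdmi_dev_model hdmi = { calloc(1, sizeof(struct i2c_dev_model)) };
    int rc;

    set_drvdata(&pdev, &hdmi);
    if (order_fixed) {
        rc = hdmi_i2c_exit(&pdev);
        set_drvdata(&pdev, NULL);
    } else {
        set_drvdata(&pdev, NULL);
        rc = hdmi_i2c_exit(&pdev);
        free(hdmi.i2c_dev);     /* model-only cleanup of what the exit never reached */
    }
    return rc;
}

int main(void)
{
    return (hdmi_teardown(0) == -1 && hdmi_teardown(1) == 0) ? 0 : 1;
}
```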
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to crash or behave unexpectedly during HDMI teardown on affected hardware, potentially leading to denial of service or system instability.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch, or update to a fixed version of the Linux kernel, that resolves the drm/gma500 null dereference in HDMI teardown. The fix swaps the calls so that oaktrail_hdmi_i2c_exit no longer dereferences a NULL driver_data.