CVE-2025-40062
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-28

Last updated on: 2025-10-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs When the initialization of qm->debug.acc_diff_reg fails, the probe process does not exit. However, after qm->debug.qm_diff_regs is freed, it is not set to NULL. This can lead to a double free when the remove process attempts to free it again. Therefore, qm->debug.qm_diff_regs should be set to NULL after it is freed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-28
Last Modified
2025-10-30
Generated
2026-06-16
AI Q&A
2025-10-28
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40062
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's crypto hisilicon/qm component. When the initialization of qm->debug.acc_diff_reg fails, the probe process continues instead of exiting. After qm->debug.qm_diff_regs is freed, it is not set to NULL, which can cause a double free error when the remove process tries to free it again. Setting qm->debug.qm_diff_regs to NULL after freeing prevents this issue.

Impact Analysis

The vulnerability can lead to a double free condition in the Linux kernel, which may cause system instability, crashes, or potential exploitation by attackers to execute arbitrary code or cause denial of service.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the issue is fixed, ensuring that qm->debug.qm_diff_regs is properly set to NULL after being freed to prevent double free errors.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40062. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart