CVE-2025-40062
BaseFortify
Publication date: 2025-10-28
Last updated on: 2025-10-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's crypto hisilicon/qm component. When the initialization of qm->debug.acc_diff_reg fails, the probe process continues instead of exiting. After qm->debug.qm_diff_regs is freed, it is not set to NULL, which can cause a double free error when the remove process tries to free it again. Setting qm->debug.qm_diff_regs to NULL after freeing prevents this issue.
How can this vulnerability impact me? :
The vulnerability can lead to a double free condition in the Linux kernel, which may cause system instability, crashes, or potential exploitation by attackers to execute arbitrary code or cause denial of service.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the issue is fixed, ensuring that qm->debug.qm_diff_regs is properly set to NULL after being freed to prevent double free errors.