CVE-2025-40089
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-10-30

Last updated on: 2025-10-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: cxl/features: Add check for no entries in cxl_feature_info cxl EDAC calls cxl_feature_info() to get the feature information and if the hardware has no Features support, cxlfs may be passed in as NULL. [ 51.957498] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 51.965571] #PF: supervisor read access in kernel mode [ 51.971559] #PF: error_code(0x0000) - not-present page [ 51.977542] PGD 17e4f6067 P4D 0 [ 51.981384] Oops: Oops: 0000 [#1] SMP NOPTI [ 51.986300] CPU: 49 UID: 0 PID: 3782 Comm: systemd-udevd Not tainted 6.17.0dj test+ #64 PREEMPT(voluntary) [ 51.997355] Hardware name: <removed> [ 52.009790] RIP: 0010:cxl_feature_info+0xa/0x80 [cxl_core] Add a check for cxlfs before dereferencing it and return -EOPNOTSUPP if there is no cxlfs created due to no hardware support.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-30
Last Modified
2025-10-30
Generated
2026-05-07
AI Q&A
2025-10-30
EPSS Evaluated
2026-05-05
NVD
CVE-2025-40089
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a NULL pointer dereference in the Linux kernel's cxl_feature_info function. When the hardware does not support certain features, the cxl_feature_info function may receive a NULL pointer (cxlfs) and attempt to dereference it, causing a kernel crash (Oops). The fix adds a check for the NULL pointer and returns an error if no features are supported, preventing the crash.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash due to a NULL pointer dereference when accessing unsupported hardware features. This can lead to system instability, unexpected reboots, or denial of service on affected systems.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by monitoring your system logs for kernel NULL pointer dereference errors related to cxl_feature_info. Look for messages similar to: '[timestamp] BUG: kernel NULL pointer dereference, address: 0000000000000008' or 'Oops: Oops: 0000 [#1] SMP NOPTI' referencing cxl_feature_info in the kernel logs. Use commands like 'dmesg | grep cxl_feature_info' or 'journalctl -k | grep cxl_feature_info' to find such entries.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating your Linux kernel to a version that includes the fix which adds a check for cxlfs before dereferencing it, preventing NULL pointer dereference. Until the update is applied, avoid using hardware or features that trigger cxl_feature_info calls if possible.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart