CVE-2025-40107
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-03

Last updated on: 2025-11-04

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled This issue is similar to the vulnerability in the `mcp251x` driver, which was fixed in commit 03c427147b2d ("can: mcp251x: fix resume from sleep before interface was brought up"). In the `hi311x` driver, when the device resumes from sleep, the driver schedules `priv->restart_work`. However, if the network interface was not previously enabled, the `priv->wq` (workqueue) is not allocated and initialized, leading to a null pointer dereference. To fix this, we move the allocation and initialization of the workqueue from the `hi3110_open` function to the `hi3110_can_probe` function. This ensures that the workqueue is properly initialized before it is used during device resume. And added logic to destroy the workqueue in the error handling paths of `hi3110_can_probe` and in the `hi3110_can_remove` function to prevent resource leaks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-03
Last Modified
2025-11-04
Generated
2026-06-16
AI Q&A
2025-11-03
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40107
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
hi311x driver *
mcp251x driver *
linux kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's hi311x CAN driver. When the device resumes from sleep, the driver schedules a restart work task. However, if the network interface was not enabled before sleep, the workqueue used for this task is not allocated or initialized, leading to a null pointer dereference. This can cause the system to crash or behave unexpectedly. The fix involved moving the workqueue allocation and initialization earlier in the driver's probe function to ensure it is ready before resume, and adding cleanup logic to prevent resource leaks.

Impact Analysis

This vulnerability can cause a null pointer dereference in the Linux kernel when resuming the hi311x CAN device from sleep if the network interface was not enabled. This can lead to system crashes or instability, potentially causing denial of service or unexpected behavior in systems relying on this driver.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version that includes the fix where the workqueue allocation and initialization in the hi311x driver has been moved from the hi3110_open function to the hi3110_can_probe function. This ensures proper initialization before device resume and prevents null pointer dereference. Additionally, ensure that the kernel includes the added logic to destroy the workqueue in error handling paths and during device removal to prevent resource leaks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40107. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart