CVE-2025-40110
BaseFortify
Publication date: 2025-11-12
Last updated on: 2025-11-12
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a null-pointer dereference in the Linux kernel's drm/vmwgfx component related to the cursor snooper. The issue occurs because the code does not properly check if a resource converted to a surface actually exists before using it. While some commands accept an invalid identifier to mean "no surface," the cursor snooper code fails to handle null objects correctly, leading to a potential null-pointer access. The fix ensures that not only the identifier is validated but also that the actual resource exists before it is used.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to dereference a null pointer, which may lead to a kernel crash or system instability. Such crashes can result in denial of service or unexpected behavior in systems using the affected drm/vmwgfx component.