CVE-2025-40161
Awaiting Analysis Awaiting Analysis - Queue

BaseFortify

Vulnerability report for CVE-2025-40161, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-12

Last updated on: 2025-11-12

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: mailbox: zynqmp-ipi: Fix SGI cleanup on unbind The driver incorrectly determines SGI vs SPI interrupts by checking IRQ number < 16, which fails with dynamic IRQ allocation. During unbind, this causes improper SGI cleanup leading to kernel crash. Add explicit irq_type field to pdata for reliable identification of SGI interrupts (type-2) and only clean up SGI resources when appropriate.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-12
Last Modified
2025-11-12
Generated
2026-07-06
AI Q&A
2025-11-13
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's mailbox driver for zynqmp-ipi. The driver incorrectly determines whether an interrupt is an SGI (Software Generated Interrupt) or SPI (Shared Peripheral Interrupt) by checking if the IRQ number is less than 16. This method fails when IRQs are allocated dynamically. As a result, during the unbind process, the driver performs improper SGI cleanup, which can lead to a kernel crash. The fix involves adding an explicit irq_type field to reliably identify SGI interrupts and only clean up SGI resources when appropriate.

Impact Analysis

This vulnerability can cause the Linux kernel to crash during the unbind process of the mailbox driver due to improper cleanup of SGI interrupts. Such kernel crashes can lead to system instability, potential downtime, and loss of data or service availability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40161. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart