CVE-2025-40177
BaseFortify
Publication date: 2025-11-12
Last updated on: 2025-11-12
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves improper initialization ordering in the accel/qaic component. Specifically, buffers are queued to receive bootlog data from a device before all necessary resources to process that data are fully initialized. This creates a race condition between the probe() function and incoming data, which can lead to accessing uninitialized resources and potentially cause page faults. The fix involves correcting the initialization order to ensure all resources are set up before queuing the buffers.
How can this vulnerability impact me? :
This vulnerability can cause page faults due to accessing uninitialized resources when receiving bootlog data from the device. This may lead to system instability or crashes during the boot process or device initialization, potentially affecting system reliability.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version that includes the fix for the bootlog initialization ordering in the accel/qaic driver. This fix ensures that all resources are properly initialized before queuing MHI buffers, preventing race conditions and potential page faults.