CVE-2025-40177
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-12

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix bootlog initialization ordering As soon as we queue MHI buffers to receive the bootlog from the device, we could be receiving data. Therefore all the resources needed to process that data need to be setup prior to queuing the buffers. We currently initialize some of the resources after queuing the buffers which creates a race between the probe() and any data that comes back from the device. If the uninitialized resources are accessed, we could see page faults. Fix the init ordering to close the race.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-12
Last Modified
2025-11-12
Generated
2026-06-16
AI Q&A
2025-11-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40177
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel involves improper initialization ordering in the accel/qaic component. Specifically, buffers are queued to receive bootlog data from a device before all necessary resources to process that data are fully initialized. This creates a race condition between the probe() function and incoming data, which can lead to accessing uninitialized resources and potentially cause page faults. The fix involves correcting the initialization order to ensure all resources are set up before queuing the buffers.

Impact Analysis

This vulnerability can cause page faults due to accessing uninitialized resources when receiving bootlog data from the device. This may lead to system instability or crashes during the boot process or device initialization, potentially affecting system reliability.

Mitigation Strategies

Update the Linux kernel to a version that includes the fix for the bootlog initialization ordering in the accel/qaic driver. This fix ensures that all resources are properly initialized before queuing MHI buffers, preventing race conditions and potential page faults.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40177. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart