CVE-2025-40224
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-12-04

Last updated on: 2025-12-04

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: hwmon: (cgbc-hwmon) Add missing NULL check after devm_kzalloc() The driver allocates memory for sensor data using devm_kzalloc(), but did not check if the allocation succeeded. In case of memory allocation failure, dereferencing the NULL pointer would lead to a kernel crash. Add a NULL pointer check and return -ENOMEM to handle allocation failure properly.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-04
Last Modified
2025-12-04
Generated
2026-06-16
AI Q&A
2025-12-04
EPSS Evaluated
2026-06-14
NVD
CVE-2025-40224
EUVD
EUVD-2025-201235
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's cgbc-hwmon driver, where memory is allocated for sensor data using devm_kzalloc() without checking if the allocation succeeded. If the allocation fails and returns NULL, the driver dereferences this NULL pointer, causing a kernel crash. The fix adds a NULL pointer check and returns an error code (-ENOMEM) to handle allocation failure properly.

Impact Analysis

If this vulnerability is triggered, it can cause the Linux kernel to crash due to a NULL pointer dereference. This can lead to system instability, unexpected reboots, or denial of service, affecting the availability of the system.

Mitigation Strategies

Update the Linux kernel to a version that includes the fix for this vulnerability, which adds a NULL pointer check after devm_kzalloc() in the cgbc-hwmon driver to prevent kernel crashes due to memory allocation failure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40224. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart