CVE-2025-40224
BaseFortify
Publication date: 2025-12-04
Last updated on: 2025-12-04
Assigner: kernel.org
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's cgbc-hwmon driver, where memory is allocated for sensor data using devm_kzalloc() without checking if the allocation succeeded. If the allocation fails and returns NULL, the driver dereferences this NULL pointer, causing a kernel crash. The fix adds a NULL pointer check and returns an error code (-ENOMEM) to handle allocation failure properly.
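As an added illustration (not the cgbc-hwmon driver's or the kernel's own code), the two shapes the answer contrasts, modelled in userspace: an injectable allocator stands in for devm_kzalloc() so the allocation failure can be exercised without a kernel, and the struct and function names are hypothetical.

```c
/* Constructed userspace model of the bug class described above; the
 * allocator is a hook so the failure path can be driven from a test. */
#include <stddef.h>
#include <stdlib.h>

#define ENOMEM 12  /* same value as the Linux errno */

/* Hypothetical stand-in for the driver's per-sensor record. */
struct sensor_data {
    int channel;
    long value;
};

/* Allocator hook standing in for devm_kzalloc(); tests swap it out. */
typedef void *(*alloc_fn)(size_t);

static void *zalloc_ok(size_t n)   { return calloc(1, n); }
static void *zalloc_fail(size_t n) { (void)n; return NULL; }

/* Vulnerable shape: the allocation result is used unconditionally.
 * Works whenever memory is available, which is why the bug is latent. */
static int probe_unchecked(alloc_fn alloc, struct sensor_data **out)
{
    struct sensor_data *data = alloc(sizeof(*data));

    data->channel = 0;   /* NULL dereference if alloc returned NULL */
    *out = data;
    return 0;
}

/* Fixed shape: fail the probe with -ENOMEM instead of touching NULL. */
static int probe_checked(alloc_fn alloc, struct sensor_data **out)
{
    struct sensor_data *data = alloc(sizeof(*data));

    if (!data)
        return -ENOMEM;
    data->channel = 0;
    *out = data;
    return 0;
}
```

With the failing allocator, probe_unchecked() faults on the first field write, which is the kernel crash the description refers to, while probe_checked() returns -ENOMEM and leaves the output untouched.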
How can this vulnerability impact me?
If this vulnerability is triggered, it can cause the Linux kernel to crash due to a NULL pointer dereference. This can lead to system instability, unexpected reboots, or denial of service, affecting the availability of the system.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version that includes the fix for this vulnerability, which adds a NULL pointer check after devm_kzalloc() in the cgbc-hwmon driver to prevent kernel crashes due to memory allocation failure.