CVE-2025-40224
Awaiting Analysis Awaiting Analysis - Queue

BaseFortify

Vulnerability report for CVE-2025-40224, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-04

Last updated on: 2025-12-04

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: hwmon: (cgbc-hwmon) Add missing NULL check after devm_kzalloc() The driver allocates memory for sensor data using devm_kzalloc(), but did not check if the allocation succeeded. In case of memory allocation failure, dereferencing the NULL pointer would lead to a kernel crash. Add a NULL pointer check and return -ENOMEM to handle allocation failure properly.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-04
Last Modified
2025-12-04
Generated
2026-07-06
AI Q&A
2025-12-04
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's cgbc-hwmon driver, where memory is allocated for sensor data using devm_kzalloc() without checking if the allocation succeeded. If the allocation fails and returns NULL, the driver dereferences this NULL pointer, causing a kernel crash. The fix adds a NULL pointer check and returns an error code (-ENOMEM) to handle allocation failure properly.

Impact Analysis

If this vulnerability is triggered, it can cause the Linux kernel to crash due to a NULL pointer dereference. This can lead to system instability, unexpected reboots, or denial of service, affecting the availability of the system.

Mitigation Strategies

Update the Linux kernel to a version that includes the fix for this vulnerability, which adds a NULL pointer check after devm_kzalloc() in the cgbc-hwmon driver to prevent kernel crashes due to memory allocation failure.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40224. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart