CVE-2025-40296
BaseFortify
Publication date: 2025-12-08
Last updated on: 2025-12-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a double free issue in the Linux kernel's platform/x86 int3472 driver. Specifically, the GPIO device is freed twice during the unregistration process because regulator_unregister() already frees it, but the driver attempts to free it again. This causes random failures when other drivers, such as Intel THC, try to allocate interrupts. The root cause is that the reference count of the pinctrl_intel_platform module unexpectedly drops to zero when the driver defers its probe, and the issue can also be triggered by unloading the module directly. The fix involved removing the redundant release of the GPIO device during regulator unregistration.
How can this vulnerability impact me? :
This vulnerability can cause random failures in the system when other drivers attempt to allocate interrupts, potentially leading to instability or malfunction of hardware components relying on those drivers, such as Intel THC. This could affect system reliability and performance on affected platforms like ThinkPad X9 (Lunar Lake).
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the double free of the GPIO device during unregister in the platform/x86 int3472 driver. Avoid unloading the affected module (pinctrl_intel_platform) directly until the fix is applied, as this can reproduce the issue.