CVE-2025-40340
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test. I saw an oops in xe_gem_fault when running the xe-fast-feedback testlist against the realtime kernel without debug options enabled. The panic happens after core_hotunplug unbind-rebind finishes. Presumably what happens is that a process mmaps, unlocks because of the FAULT_FLAG_RETRY_NOWAIT logic, has no process memory left, causing ttm_bo_vm_dummy_page() to return VM_FAULT_NOPAGE, since there was nothing left to populate, and then oopses in "mem_type_is_vram(tbo->resource->mem_type)" because tbo->resource is NULL. It's convoluted, but fits the data and explains the oops after the test exits.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-06-17
AI Q&A
2025-12-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40340
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a flaw in the Linux kernel's drm/xe component where an 'oops' (kernel crash) occurs in the xe_gem_fault function during the core_hotunplug test. The issue happens when a process memory maps and unlocks due to FAULT_FLAG_RETRY_NOWAIT logic but ends up with no process memory left. This causes a function to return VM_FAULT_NOPAGE because there is nothing left to populate, leading to a null pointer dereference in mem_type_is_vram due to a NULL resource pointer, resulting in a kernel crash.

Impact Analysis

This vulnerability can cause the Linux kernel to crash (kernel oops) during specific operations involving memory management in the drm/xe component. This can lead to system instability or downtime, especially when running certain tests or workloads that trigger this condition.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40340. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart