CVE-2025-40346
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Fix incorrect use of PTR_ERR_OR_ZERO() in topology_parse_cpu_capacity() which causes the code to proceed with NULL clock pointers. The current logic uses !PTR_ERR_OR_ZERO(cpu_clk) which evaluates to true for both valid pointers and NULL, leading to potential NULL pointer dereference in clk_get_rate(). Per include/linux/err.h documentation, PTR_ERR_OR_ZERO(ptr) returns: "The error code within @ptr if it is an error pointer; 0 otherwise." This means PTR_ERR_OR_ZERO() returns 0 for both valid pointers AND NULL pointers. Therefore !PTR_ERR_OR_ZERO(cpu_clk) evaluates to true (proceed) when cpu_clk is either valid or NULL, causing clk_get_rate(NULL) to be called when of_clk_get() returns NULL. Replace with !IS_ERR_OR_NULL(cpu_clk) which only proceeds for valid pointers, preventing potential NULL pointer dereference in clk_get_rate().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2025-12-18
Generated
2026-06-16
AI Q&A
2025-12-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40346
EUVD
EUVD-2025-203641
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is due to an incorrect error check in the Linux kernel function topology_parse_cpu_capacity(). The code incorrectly uses PTR_ERR_OR_ZERO() to check a pointer, which returns 0 for both valid and NULL pointers. This causes the logic to proceed even when the pointer is NULL, leading to a potential NULL pointer dereference when clk_get_rate() is called with a NULL pointer. The fix replaces PTR_ERR_OR_ZERO() with IS_ERR_OR_NULL(), which correctly prevents proceeding with NULL pointers.

Impact Analysis

This vulnerability can cause the Linux kernel to dereference a NULL pointer, which may lead to kernel crashes or system instability. Such crashes can result in denial of service or unexpected behavior in systems running the affected kernel.

Mitigation Strategies

The vulnerability is fixed by correcting the error check in the Linux kernel's topology_parse_cpu_capacity() function. To mitigate this vulnerability, update your Linux kernel to a version that includes the fix replacing !PTR_ERR_OR_ZERO(cpu_clk) with !IS_ERR_OR_NULL(cpu_clk) in the arch_topology code. This prevents potential NULL pointer dereference in clk_get_rate().

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40346. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart