CVE-2025-40034

Linux kernel - Null Pointer Dereference

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereference in aer_ratelimit() When platform firmware supplies error information to the OS, e.g., via the ACPI APEI GHES mechanism, it may identify an error source device that doesn't advertise an AER Capability and therefore dev->aer_info, which contains AER stats and ratelimiting data, is NULL. pci_dev_aer_stats_incr() already checks dev->aer_info for NULL, but aer_ratelimit() did not, leading to NULL pointer dereferences like this one from the URL below: {1}[Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 0 {1}[Hardware Error]: event severity: corrected {1}[Hardware Error]: device_id: 0000:00:00.0 {1}[Hardware Error]: vendor_id: 0x8086, device_id: 0x2020 {1}[Hardware Error]: aer_cor_status: 0x00001000, aer_cor_mask: 0x00002000 BUG: kernel NULL pointer dereference, address: 0000000000000264 RIP: 0010:___ratelimit+0xc/0x1b0 pci_print_aer+0x141/0x360 aer_recover_work_func+0xb5/0x130 [8086:2020] is an Intel "Sky Lake-E DMI3 Registers" device that claims to be a Root Port but does not advertise an AER Capability. Add a NULL check in aer_ratelimit() to avoid the NULL pointer dereference. Note that this also prevents ratelimiting these events from GHES. [bhelgaas: add crash details to commit log]

Scores

EPSS 0.0018
EPSS Percentile 8.0%

Details

Status published
Products (7)
linux/Kernel 6.16.0 - 6.17.3linux
Linux/Linux < 6.16
Linux/Linux 6.16
Linux/Linux 6.17.3 - 6.17.*
Linux/Linux 6.18
Linux/Linux a57f2bfb4a5863f83087867c0e671f2418212d23 - 41683624cbff0a26bb7e0627f4a7e1b51a8779a8
Linux/Linux a57f2bfb4a5863f83087867c0e671f2418212d23 - deb2f228388ff3a9d0623e3b59a053e9235c341d
Published Oct 28, 2025
Tracked Since Feb 18, 2026