CVE-2025-40185

Linux kernel - NULL Pointer Dereference

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ice: ice_adapter: release xa entry on adapter allocation failure When ice_adapter_new() fails, the reserved XArray entry created by xa_insert() is not released. This causes subsequent insertions at the same index to return -EBUSY, potentially leading to NULL pointer dereferences. Reorder the operations as suggested by Przemek Kitszel: 1. Check if adapter already exists (xa_load) 2. Reserve the XArray slot (xa_reserve) 3. Allocate the adapter (ice_adapter_new) 4. Store the adapter (xa_store)

Scores

EPSS 0.0019
EPSS Percentile 9.1%

Details

Status published
Products (10)
linux/Kernel 6.11.0 - 6.12.54linux
linux/Kernel 6.13.0 - 6.17.4linux
Linux/Linux < 6.11
Linux/Linux 0f0023c649c7bc50543fbe6e1801eb6357b8bd63 - 2db687f3469dbc5c59bc53d55acafd75d530b497
Linux/Linux 0f0023c649c7bc50543fbe6e1801eb6357b8bd63 - 794abb265de3e792167fe3ea0440c064c722bb84
Linux/Linux 0f0023c649c7bc50543fbe6e1801eb6357b8bd63 - 7b9269de9815fc34d93dab90bd5169bacbe78e70
Linux/Linux 6.11
Linux/Linux 6.12.54 - 6.12.*
Linux/Linux 6.17.4 - 6.17.*
Linux/Linux 6.18
Published Nov 12, 2025
Tracked Since Feb 18, 2026