CVE-2025-40224

Linux Kernel 6.15-6.17.5 - Denial of Service via Missing NULL Check in cgbc-hwmon

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: hwmon: (cgbc-hwmon) Add missing NULL check after devm_kzalloc() The driver allocates memory for sensor data using devm_kzalloc(), but did not check if the allocation succeeded. In case of memory allocation failure, dereferencing the NULL pointer would lead to a kernel crash. Add a NULL pointer check and return -ENOMEM to handle allocation failure properly.

Scores

EPSS 0.0016
EPSS Percentile 5.7%

Details

Status published
Products (7)
linux/Kernel 6.15.0 - 6.17.6linux
Linux/Linux < 6.15
Linux/Linux 08ebc9def79fc0c4dbb6ecc39263006e3f98b750 - 240b82b86a091c1aa49d951d4467425420a081a0
Linux/Linux 08ebc9def79fc0c4dbb6ecc39263006e3f98b750 - a09a5aa8bf258ddc99a22c30f17fe304b96b5350
Linux/Linux 6.15
Linux/Linux 6.17.6 - 6.17.*
Linux/Linux 6.18
Published Dec 04, 2025
Tracked Since Feb 18, 2026