PT-2025-42780 · Linux+4 · Linux Kernel+4

Published

2025-09-18

·

Updated

2026-05-07

·

CVE-2025-40011

CVSS v2.0

3.8

Low

VectorAV:L/AC:H/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A flaw exists in the Linux kernel’s drm/gma500 module related to a null dereference during HDMI teardown. The issue occurs because pci set drvdata sets pdev->driver data to NULL, and this value is subsequently dereferenced in oaktrail hdmi i2c exit to extract the i2c dev. The resolution involves swapping the order of these calls to prevent the dereference of a null pointer.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2025-13573
CVE-2025-40011
DLA-4379-1
DLA-4404-1
DSA-6053-1
ECHO-1ED3-79E5-84DD
MGASA-2025-0309
MGASA-2025-0310
OPENSUSE-SU-2025:20091-1
SUSE-SU-2025:21040-1
SUSE-SU-2025:21052-1
SUSE-SU-2025:21056-1
SUSE-SU-2025:21064-1
SUSE-SU-2025:21080-1
SUSE-SU-2025:21147-1
SUSE-SU-2025:21180-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4128-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4140-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4301-1
USN-8033-1
USN-8033-2
USN-8033-3
USN-8033-4
USN-8033-5
USN-8033-6
USN-8033-7
USN-8033-8
USN-8034-1
USN-8034-2
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Suse
Ubuntu