CVE-2025-40031

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the register shm helper() function related to incorrect error handling during a call to iov iter extract pages(). Specifically, a missing case exists where iov iter extract pages() returns a value greater than zero but less than the requested amount of pages. This can lead to a potential NULL pointer dereference when processing input from the TEE IOC SHM REGISTER ioctl call, where portions of the buffer are not mapped.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2026-02712

CVE-2025-40031

OPENSUSE-SU-2025:15702-1

OPENSUSE-SU-2025:20172-1

OPENSUSE-SU-2026:10301-1

SUSE-SU-2026:20012-1

SUSE-SU-2026:20015-1

SUSE-SU-2026:20021-1

USN-8029-1

USN-8029-2

USN-8029-3

USN-8030-1

USN-8048-1

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8165-1

USN-8261-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-40031

Weakness Enumeration

Related Identifiers

Affected Products

References · 1980