CVE-2025-40037

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.16.3

Description The Linux kernel contains a use-after-free flaw within the simplefb driver, specifically in the

simplefb detach genpds()

function. This issue arises because the pm domain cleanup is not properly managed as devres, leading to access of an invalid pointer after the device is removed. The flaw was triggered during aperture removal on M2 Mac mini systems running the asahi kernel with Debian's kernel configuration, consistently causing a kernel crash starting with version 6.16.3. The issue involves a double free of memory associated with the framebuffer device.

Recommendations Update to a version of the Linux kernel newer than 6.16.3.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2025-40037

Affected Products

Debian

Linux Kernel

M2 Mac Mini

Asahi Kernel

CVE-2025-40037

Related Identifiers

Affected Products

References · 6