PT-2025-44141 · Linux+2 · Linux Kernel+2

Published

2025-08-19

Updated

2026-05-26

CVE-2025-40073

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.15.0-rc2-g3ee3f6e1202e #335

Description The Linux kernel contains a flaw within the drm/msm subsystem related to Shared Surface Private Pointer (SSPP) validation. The current code validates SSPP for both the current and previous planes, even when the current plane is not yet associated with an SSPP. This can lead to a null pointer dereference when validating the SSPP of the current plane. This issue can result in a kernel NULL pointer dereference, potentially leading to system instability.

Recommendations Update to a version newer than 6.15.0-rc2-g3ee3f6e1202e #335.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2025-13612

CVE-2025-40073

OPENSUSE-SU-2025:15702-1

OPENSUSE-SU-2026:10301-1

USN-8029-1

USN-8029-2

USN-8029-3

USN-8030-1

USN-8048-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

PT-2025-44141 · Linux+2 · Linux Kernel+2

CVE-2025-40073

Weakness Enumeration

Related Identifiers

Affected Products

References · 597