CVE-2025-40076

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel related to PCI device interrupt handling. Specifically, the issue arises when using the msi create parent irq domain() function, which can result in a NULL pointer dereference within generic handle domain irq(). This occurs because the MSI parent IRQ domain is not properly initialized, leading to an error when attempting to access its parent domain. The problem was identified during testing with the RZ/G3S PCIe host controller driver but was not initially observed with the pcie-rcar-host controller driver due to a lack of hardware for testing. The root cause is traced back to commit dd26c1a23fd5, which introduced the problematic behavior.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.