PT-2025-44376 · Linux+3 · Linux Kernel+3

Published

2025-10-30

·

Updated

2026-04-20

·

CVE-2025-40086

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description An issue exists in the Linux kernel’s DRM/XE subsystem where an array of VM binds could potentially evict other buffer objects (BOs) within the same VM under specific conditions. This could lead to NULL pointer dereferences later in the bind pipeline. The resolution involves clearing the allow res evict flag in the xe bo validate call.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2025-40086
OPENSUSE-SU-2025:15702-1
OPENSUSE-SU-2025:20172-1
OPENSUSE-SU-2026:10301-1
SUSE-SU-2025:4393-1
SUSE-SU-2025:4516-1
SUSE-SU-2025:4517-1
SUSE-SU-2026:20012-1
SUSE-SU-2026:20015-1
SUSE-SU-2026:20021-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8048-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu