PT-2025-44760 · Linux+3 · Linux Kernel+3

Published 2025-09-11 · Updated 2026-05-07 · CVE-2025-40107

CVSS v2.0

4.4 Medium

Vector: AV:L/AC:M/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux Kernel (hi311x CAN driver) (affected versions not specified)

Description

The Linux kernel's hi311x CAN driver contains a flaw where a NULL pointer dereference can occur when resuming from sleep if the network interface was not previously enabled. The driver schedules the priv->restart work on priv->wq (the workqueue) during device resume, but the workqueue is only allocated and initialized when the interface is opened, so resume uses an unallocated workqueue if the interface was never enabled. The issue is similar to a previously fixed problem in the mcp251x driver. The fix moves the allocation and initialization of the workqueue from hi3110_open() to hi3110_can_probe() and adds logic to destroy the workqueue in error handling paths to prevent resource leaks.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

AZL-69586
BDU:2026-02781
CVE-2025-40107
DLA-4379-1
DSA-6053-1
ECHO-858B-E56A-B6F0
MGASA-2025-0309
MGASA-2025-0310
OPENSUSE-SU-2025:20172-1
SUSE-SU-2025:4393-1
SUSE-SU-2025:4422-1
SUSE-SU-2025:4505-1
SUSE-SU-2025:4516-1
SUSE-SU-2025:4517-1
SUSE-SU-2025:4521-1
SUSE-SU-2026:20012-1
SUSE-SU-2026:20015-1
SUSE-SU-2026:20021-1
SUSE-SU-2026:20039-1
SUSE-SU-2026:20059-1
SUSE-SU-2026:20473-1
SUSE-SU-2026:20496-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Debian
Linux Kernel
Linuxmint
Ubuntu