PT-2025-46554 · Linux+4 · Linux Kernel+4
Published: 2025-10-06 · Updated: 2026-05-07
CVE-2025-40110
CVSS v2.0: 6.0 (Medium)
Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The Linux kernel contains a flaw in the drm/vmwgfx subsystem related to cursor snooping. The issue arises from a missing check that a resource exists before the cursor snooper is used on it, potentially leading to a null pointer access. The vmw_cmd_res_check function permits invalid identifiers, and functions handling surfaces may not be able to manage null objects. The fix validates both the identifier and the resource's existence before proceeding with snooping operations, addressing the unchecked null pointer reference.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
NULL Pointer Dereference
Improper Resource Release
Related Identifiers
Affected Products
Debian
Linuxmint
Linux Kernel
Ubuntu
Vmwgfx