PT-2025-46627 · Linux+3 · Linux Kernel+3

Published

2025-08-02

Updated

2026-02-24

CVE-2025-40152

CVSS v2.0

5.5

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.17.0-rc4-assorted-fix-00005-g0e9bb53a2282-dirty

Description The Linux kernel contains an issue where the drm gem for each gpuvm bo() call from lookup vma() accesses drm gem obj.gpuva.list, which is not initialized when the DRIVER GEM GPUVA feature is not supported by the DRM driver. This can lead to a system crash, specifically a kernel oops, when the msm.separate gpu drm=1 module parameter is set. The issue occurs during the boot process.

Recommendations Update to a newer version of the Linux kernel that contains a fix for this vulnerability.

Exploit

Fix

Improper Initialization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-665

Related Identifiers

BDU:2025-14949

CVE-2025-40152

USN-8029-1

USN-8029-2

USN-8029-3

USN-8030-1

USN-8048-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

Msm

PT-2025-46627 · Linux+3 · Linux Kernel+3

CVE-2025-40152

Weakness Enumeration

Related Identifiers

Affected Products

References · 392