PT-2025-46742 · Linux+5 · Linux Kernel+5

Published

2025-10-01

Updated

2026-03-13

CVE-2025-40185

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel where a reserved XArray entry is not released following a failure during adapter allocation within the ice adapter new() function. This can lead to subsequent insertions at the same index returning an error, potentially resulting in NULL pointer dereferences. The issue occurs when ice adapter new() fails after xa insert() has been called, and the reserved XArray entry is not properly released. The recommended resolution involves reordering operations to check for existing adapters, reserve the XArray slot, allocate the adapter, and then store the adapter.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025:22405

ALSA-2025:22854

BDU:2025-14695

CVE-2025-40185

INFSA-2025_22405

OPENSUSE-SU-2025:20172-1

SUSE-SU-2025:4393-1

SUSE-SU-2025:4516-1

SUSE-SU-2025:4517-1

SUSE-SU-2026:20012-1

SUSE-SU-2026:20015-1

SUSE-SU-2026:20021-1

USN-8029-1

USN-8029-2

USN-8029-3

USN-8030-1

USN-8048-1

Affected Products

Almalinux

Linuxmint

Linux Kernel

Red Hat

Rocky Linux

Ubuntu

PT-2025-46742 · Linux+5 · Linux Kernel+5

CVE-2025-40185

Weakness Enumeration

Related Identifiers

Affected Products

References · 704