CVE-2025-40208

Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)

Description The Linux kernel's qcom-iris driver contains an issue where module removal can fail if firmware download fails. Specifically, if the firmware download for the qcom/vpu/vpu33 p4.mbn file fails, the driver may not properly clean up resources, leading to runtime errors and potential system instability. The issue manifests as warnings related to clock disabling and runtime PM usage count underflows during module removal. The fix skips deinitialization if the initialization process was unsuccessful.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.