Null Dereference Vulnerability in Linux Kernel Affects HDMI Teardown
CVE-2025-40011

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 20 October 2025

What is CVE-2025-40011?

A vulnerability exists in the Linux kernel that can lead to a null dereference during the HDMI teardown process. Specifically, the issue arises when the function pci_set_drvdata sets pdev->driver_data to NULL. This scenario occurs before the driver attempts to dereference driver_data in the oaktrail_hdmi_i2c_exit function, resulting in a potential crash if the i2c_dev is accessed improperly. Proper sequencing of these calls is crucial to ensure system stability and prevent unexpected behavior.

Affected Version(s)

Linux 1b082ccf5901108d3acd860a73d8c0442556c0bb < 70b0c11483d3b90b2d0f416026e475e084a77e62

Linux 1b082ccf5901108d3acd860a73d8c0442556c0bb < 4bbfd1b290857b9d14ea9d91562bde55ff2bc85e

Linux 1b082ccf5901108d3acd860a73d8c0442556c0bb

References

https://git.kernel.org/stable/c/70b0c11483d3b90b2d0f41602...

https://git.kernel.org/stable/c/4bbfd1b290857b9d14ea9d915...

https://git.kernel.org/stable/c/e15de80737d444ed743b1c60c...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2025
Vulnerability Reserved
Apr 16, 2025

JSON