Dereference Vulnerability in Linux Kernel Affects STM32 CSI Driver
CVE-2025-40015
What is CVE-2025-40015?
A vulnerability exists in the Linux kernel's STM32 CSI driver where a potential NULL pointer dereference may occur because statements run in the wrong order. The function 'stm32_csi_start' dereferences 'csidev->s_subdev' before checking it for NULL, so the check comes too late to prevent the access. If the pointer is NULL at that point, the dereference can compromise system operation. The flaw has been addressed by moving the NULL check ahead of any dereference, which protects the stability and integrity of systems that use the STM32 CSI driver.
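The ordering problem described above, shown as an added userspace model that is not the kernel's code: the struct layouts, the `link_freq` field, the function names and the `-EIO` return value are assumptions, and only the `s_subdev` member name comes from the advisory.

```c
/* Userspace model of a dereference-before-check bug and its fix.
 * Everything except the s_subdev member name is hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct subdev { long link_freq; };            /* hypothetical stand-in */
struct csi_dev { struct subdev *s_subdev; };  /* models csidev->s_subdev */

/* Before: the pointer is read through first, so the later check cannot
 * protect the access. With s_subdev == NULL this function faults. */
static int csi_start_before(struct csi_dev *csidev, long *freq_out)
{
    long freq = csidev->s_subdev->link_freq;  /* dereference happens here */

    if (!csidev->s_subdev)                    /* check arrives too late */
        return -EIO;
    *freq_out = freq;
    return 0;
}

/* After: check first, dereference only on the non-NULL path. */
static int csi_start_after(struct csi_dev *csidev, long *freq_out)
{
    if (!csidev->s_subdev)
        return -EIO;                          /* assumed error code */
    *freq_out = csidev->s_subdev->link_freq;
    return 0;
}

int main(void)
{
    struct subdev sd = { .link_freq = 500000000L };  /* constructed value */
    struct csi_dev bound = { .s_subdev = &sd };
    struct csi_dev unbound = { .s_subdev = NULL };
    long freq = 0;

    printf("after,  bound:   %d\n", csi_start_after(&bound, &freq));
    printf("after,  unbound: %d\n", csi_start_after(&unbound, &freq));
    printf("before, bound:   %d\n", csi_start_before(&bound, &freq));
    /* csi_start_before(&unbound, ...) is not called: it would fault. */
    return 0;
}
```

When reviewing similar code, the pattern to look for is any read through a pointer that appears above the `if (!ptr)` guard for that same pointer.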
Affected Version(s)
Linux e7bad98c205d17c745de9d83ebf73e53cbf99d48 < 1f053d82e59c785b2b939cbed12f13657f84b296
Linux e7bad98c205d17c745de9d83ebf73e53cbf99d48 < 4eeafff163e80d576c5efc1360ae310c0ceedd02
Linux e7bad98c205d17c745de9d83ebf73e53cbf99d48 < 80eaf32672871bd2623ce6ba13ffc1f018756580