Linux Kernel Vulnerability in Hisilicon QM Debugging Functionality
CVE-2025-40062

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 28 October 2025

What is CVE-2025-40062?

A vulnerability in the Linux kernel affects the Hisilicon QM crypto subsystem due to improper handling of memory after a debug initialization failure. Specifically, when initialization of qm->debug.acc_diff_reg fails, the probe process does not exit. On that path qm->debug.qm_diff_regs is freed but not set to NULL, so the removal process can free the same memory a second time. The resulting double free poses risks to system stability and security. Proper handling of memory pointers during initialization and removal phases is crucial to mitigate potential exploitation.
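The freed-but-not-cleared pointer described above, modeled in userspace C as an added example (this is not the kernel driver's code). Only the two field names come from the advisory; every other name is hypothetical, and a counting free stands in for kfree() so the second release is recorded instead of corrupting a heap.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model. Every name except the two field names is hypothetical. */
struct reg_block { int live; };
struct qm_debug_model { struct reg_block *qm_diff_regs, *acc_diff_reg; };

static struct reg_block pool[2];
static int double_frees;

static struct reg_block *model_alloc(int slot) { pool[slot].live = 1; return &pool[slot]; }

/* Counts a second release of a block instead of corrupting a real heap. */
static void model_free(struct reg_block *p)
{
    if (!p)
        return;                       /* NULL is a no-op, as with kfree() */
    if (!p->live)
        double_frees++;
    p->live = 0;
}

/* Debug setup in probe: a failure here does not abort the probe. */
static void probe(struct qm_debug_model *d, int acc_fails, int clear_ptr)
{
    d->qm_diff_regs = model_alloc(0);
    d->acc_diff_reg = acc_fails ? NULL : model_alloc(1);
    if (acc_fails) {
        model_free(d->qm_diff_regs);  /* error path frees the first set */
        if (clear_ptr)
            d->qm_diff_regs = NULL;   /* hardened: drop the stale pointer */
    }
}

/* Returns the double frees seen over one probe/remove cycle. */
int run_lifecycle(int acc_fails, int clear_ptr)
{
    struct qm_debug_model d = { NULL, NULL };
    double_frees = 0;
    probe(&d, acc_fails, clear_ptr);
    model_free(d.qm_diff_regs);       /* remove path: stale pointer freed again */
    model_free(d.acc_diff_reg);
    return double_frees;
}

int main(void)
{
    printf("kept=%d cleared=%d init_ok=%d\n",
           run_lifecycle(1, 0), run_lifecycle(1, 1), run_lifecycle(0, 0));
    return 0;
}
```

Clearing the pointer works because the remove path's free of a NULL pointer is a no-op, so the cleanup code itself needs no extra state tracking.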

Affected Version(s)

Linux eda60520cfe3aba9f088c68ebd5bcbca9fc6ac3c

Linux 7fc8d9a525b5c3f8dfa5ed50901e764d8ede7e1e < 1750f1ec143ebabdbdfa013668665c9d5042c430

Linux 8be0913389718e8d27c4f1d4537b5e1b99ed7739

Timeline

  • Vulnerability published

  • Vulnerability Reserved
