Vulnerability in Linux Kernel Affects PPS Device Registration
CVE-2025-40070
What is CVE-2025-40070?
A vulnerability exists in the Linux kernel that impacts the proper registration of PPS devices. When the function pps_register_cdev attempts to register a device, it must correctly set the release hook prior to invoking device_register(). Failure to do so can lead to a warning during device operations, particularly if the registration fails, causing a potential use-after-free condition in the system. This oversight may compromise the integrity of device management within the kernel, emphasizing the need for proper error handling mechanisms to avoid risking system stability.
Affected Version(s)
Linux 785c78ed0d39d1717cca3ef931d3e51337b5e90e < 38c7bb10aae5118dd48fa7a82f7bf93839bcc320
Linux 1a7735ab2cb9747518a7416fb5929e85442dec62 < 2a194707ca27a3b0523023fa8b446e5ec922dc51
Linux c4041b6b0a7a3def8cf3f3d6120ff337bc4c40f7 < 125527db41805693208ee1aacd7f3ffe6a3a489c