Null Pointer Dereference Vulnerability in Linux Kernel Affects Multiple Products
CVE-2025-40073

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 October 2025

What is CVE-2025-40073?

A vulnerability in the Linux kernel allows for a NULL pointer dereference when validating the Shared Secondary Plane (SSPP) for a current plane that isn't ready. This issue arises due to improper validation between current and previous planes in multi-rect mode, potentially leading to system crashes and instability. The flaw, which has been patched, underscores the necessity for regular updates and vigilant security practices to mitigate risks associated with such vulnerabilities.

Affected Version(s)

Linux 3ed12a3664b362e3462cca61d41f9a9460c9e260

Linux 3ed12a3664b362e3462cca61d41f9a9460c9e260 < 6fc616723bb5fd4289d7422fa013da062b44ae55

Linux 6.16

References

https://git.kernel.org/stable/c/f1dbb3eedb7db4cad45d2619e...

https://git.kernel.org/stable/c/6fc616723bb5fd4289d7422fa...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2025
Vulnerability Reserved
Apr 16, 2025

JSON