Kernel Vulnerability in PCI System Affecting RZ/G3S Host Controller
CVE-2025-40076

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 October 2025

What is CVE-2025-40076?

A vulnerability in the Linux kernel PCI subsystem has been identified, specifically affecting the rcar-host driver. The flaw arises when the MSI parent IRQ domain is improperly referenced, leading to a NULL pointer dereference during IRQ handling. This issue emerged during the transition to the msi_create_parent_irq_domain function, where inadequate testing on specific hardware configurations left the problem unreported. Successfully exploiting this vulnerability could allow an attacker to disrupt system functionality.

Affected Version(s)

Linux dd26c1a23fd5a607c50738ea0dcb6cdbb8185cfe

Linux 6.17

References

https://git.kernel.org/stable/c/e8e21aaf5d34015901cd27105...

https://git.kernel.org/stable/c/d3fee10e40a938331e2aae343...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2025
Vulnerability Reserved
Apr 16, 2025

JSON