Null Dereference Vulnerability in Linux Kernel's Queueing Framework
CVE-2025-40083
Currently unrated
What is CVE-2025-40083?
A critical NULL pointer dereference vulnerability exists in the Linux kernel's queueing framework, specifically within the sch_qfq scheduler. The flaw occurs when a function call in the scheduler's code path returns NULL and the result is used without being checked, which can crash the system. The fix checks the return value before use, mirroring existing safeguards in other components. Besides addressing the immediate defect, the change also refines the underlying code structure for better maintainability.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 6.16