Buffer Object Management Issue in Linux Kernel by The Linux Foundation
CVE-2025-40086

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 30 October 2025

What is CVE-2025-40086?

A vulnerability in the Linux kernel's management of buffer objects (BOs) has been identified. An array of virtual machine (VM) binds can allow the eviction of other BOs within the same VM, which can result in NULL pointer dereferences later in the bind pipeline. Left unaddressed, this can lead to significant system errors. The issue has been mitigated by clearing the allow_res_evict flag in the xe_bo_validate call, which prevents the unintended eviction.

Affected Version(s)

Linux dd08ebf6c3525a7ea2186e636df064ea47281987 < 5aa0ab0ba7d94549cfe17d6ef7a4f33ba1de8384

Linux dd08ebf6c3525a7ea2186e636df064ea47281987 < 7ac74613e5f2ef3450f44fd2127198662c2563a9

Linux 6.8

Timeline

  • Vulnerability published

  • Vulnerability Reserved
