Linux Kernel Vulnerability in cxl Feature Management by Vendor
CVE-2025-40089

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
30 October 2025

What is CVE-2025-40089?

A vulnerability exists in the Linux kernel's cxl feature management, where a NULL pointer dereference can occur if the hardware lacks support for features. Specifically, if cxl_feature_info() is called without proper checks when no cxlfs entries have been created, the kernel may panic. This issue highlights the need for robust error handling to prevent system crashes due to missing hardware capabilities.

Affected Version(s)

Linux eb5dfcb9e36d0e46089fec777d911313c1876fa3

Linux 6.15

Timeline

  • Vulnerability published

  • Vulnerability Reserved
