Null Pointer Access Issue in Linux Kernel Affects Multiple Solutions
CVE-2025-40110

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-40110?

A vulnerability in the Linux kernel has been identified where the cursor snooper can attempt to access a null pointer due to unchecked resource validation. Specifically, an invalid identifier, SVGA3D_INVALID_ID, may be permitted in certain SVGA commands, leading functions that expect actual surfaces to potentially crash when dealing with null objects. The fix involves rigorous checks to ensure that resources exist before engaging the cursor snooper, enhancing system stability and security.

Affected Version(s)

Linux c0951b797e7d0f2c6b0df2c0e18185c72d0cf1a1 < 299cfb5a7deabdf9ecd30071755672af0aced5eb

Linux c0951b797e7d0f2c6b0df2c0e18185c72d0cf1a1 < 13c9e4ed125e19484234c960efe5ac9c55119523

Linux c0951b797e7d0f2c6b0df2c0e18185c72d0cf1a1

References

https://git.kernel.org/stable/c/299cfb5a7deabdf9ecd300717...

https://git.kernel.org/stable/c/13c9e4ed125e19484234c960e...

https://git.kernel.org/stable/c/b6fca0a07989f361ceda27cb2...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Apr 16, 2025

JSON