Use-after-free Vulnerability in Linux Kernel Affecting vmwgfx
CVE-2025-40111

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 12 November 2025

What is CVE-2025-40111?

A use-after-free vulnerability has been identified in the Linux kernel's vmwgfx driver. It can lead to memory corruption during resource validation. Nodes in the validation duplicates hashtable are expected to be cleared, but one node escaped that cleanup because its resource was destroyed prematurely. This oversight leaves room for potential exploitation and affects the stability and security of systems that use this driver.

Affected Version(s)

Linux 64ad2abfe9a628ce79859d072704bd1ef7682044 < 1822e5287b7dfa59d0af966756ebf1dc652b60ee

Linux 64ad2abfe9a628ce79859d072704bd1ef7682044

Linux 64ad2abfe9a628ce79859d072704bd1ef7682044 < 4c918f9d1ccccc0e092f43dcb2d8266f54d7340b

Timeline

  • Vulnerability published

  • Vulnerability Reserved
