NULL Pointer Dereference in Linux Kernel During Device Management Operations
CVE-2025-40134
What is CVE-2025-40134?
A race condition in the Linux kernel occurs between the device management suspension process and table loading, potentially leading to a NULL pointer dereference. This vulnerability arises when a suspension command is processed before the table loading is complete, resulting in an attempt to access an uninitialized pointer. The vulnerability can affect various distributions using the affected kernel version, posing a risk during device management operations. Proper handling of the table suspension conditions can mitigate the issue by skipping dependent operations when no valid table exists, ensuring system stability and preventing NULL pointer dereferences during critical operations.
Affected Version(s)
Linux c4576aed8d85d808cd6443bda58393d525207d01 < 9dc43ea6a20ff83fe9a5fe4be47ae0fbf2409b98
Linux c4576aed8d85d808cd6443bda58393d525207d01 < 30f95b7eda5966b81cb221bd569c0f095a068cf6
Linux c4576aed8d85d808cd6443bda58393d525207d01