Memory Management Flaw in Linux Kernel Affects Multiple Device Drivers
CVE-2025-40144

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-40144?

A memory management vulnerability was identified in the Linux kernel's ndtest_probe function. When the function attempts to allocate memory for three DMA address arrays, it does so with a high risk of running out of memory. If the memory allocation fails, it can lead to a NULL pointer dereference when the function subsequently accesses these arrays. This flaw highlights the importance of error handling in memory allocation, where properly checking the success of memory requests can prevent critical failures in device driver operations under low-memory conditions.

Affected Version(s)

Linux 9399ab61ad82154911563dd8635c585e3f24b16a < 972cbba5cd384bacdc2eb589776e1d0a9f42714f

Linux 9399ab61ad82154911563dd8635c585e3f24b16a

References

https://git.kernel.org/stable/c/972cbba5cd384bacdc2eb5897...

https://git.kernel.org/stable/c/bc8b56317ff83ef4bba89bda3...

https://git.kernel.org/stable/c/b808a3590c2884ca91316dbad...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Apr 16, 2025

JSON