Linux Kernel Vulnerability in Throttle Policy Activation
CVE-2025-40147
Currently unrated
What is CVE-2025-40147?
A vulnerability in the blk-throttle component of the Linux kernel arises during throttle policy activation. When throttling is checked before the throttle policy is fully initialized, critical state data is not yet attached to block groups, so the kernel attempts to dereference a NULL pointer. This can lead to crashes and has caused stability issues following cold boots.
Affected Version(s)
Linux a3166c51702bb00b8f8b84022090cbab8f37be1a < 6a0c394300a7b0c05504596685de8a46707171fc
Linux a3166c51702bb00b8f8b84022090cbab8f37be1a
Linux 6.10