Kernel Memory Access Issue in Qualcomm Graphics Driver
CVE-2025-40152

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-40152?

A memory access vulnerability has been identified in the graphics driver (DRM) for Qualcomm's hardware within the Linux kernel. The vulnerability arises when the 'drm_gem_for_each_gpuvm_bo()' function is executed without proper initialization of the 'drm_gem_obj.gpuva.list'. This can trigger severe kernel crashes, particularly when the 'msm.separate_gpu_drm=1' parameter is set, leading to kernel paging errors and potential system instability. Users are encouraged to apply the latest updates to mitigate this risk.

Affected Version(s)

Linux 217ed15bd399980981f90f4332bc7ad4b05baa7e < 87aff6d08f3b13bfad66df7c13af5f3a3548d5b9

Linux 217ed15bd399980981f90f4332bc7ad4b05baa7e

Linux 6.17

References

https://git.kernel.org/stable/c/87aff6d08f3b13bfad66df7c1...

https://git.kernel.org/stable/c/f028bcafb6dfb4c2bb656cbff...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Apr 16, 2025

JSON