Memory Management Flaw in Linux Kernel Affects Sensor Drivers
CVE-2025-40224
Currently unrated
What is CVE-2025-40224?
A vulnerability has been identified in the Linux kernel's hwmon subsystem, specifically in the cgbc-hwmon driver. The driver does not check the return value of devm_kzalloc() after allocating memory. If the allocation fails, the existing logic does not handle it, which can lead to a NULL pointer dereference and a kernel crash. The fix adds a NULL pointer check so that a memory allocation failure is handled gracefully and returns -ENOMEM.
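The pattern described above, as an added userspace C model; it is not the cgbc-hwmon driver's code. It shows the unchecked use of the allocation beside the checked form that returns -ENOMEM. model_devm_kzalloc(), model_detach(), struct device, struct sensor_data and the setup_* functions are hypothetical stand-ins for illustration.

```c
#include <errno.h>
#include <stdlib.h>

/* Userspace stand-ins, all hypothetical: not the kernel's or the driver's code. */
struct device {
    int fail_alloc;   /* fault-injection switch: 1 = allocation fails */
    void *managed;    /* single device-managed allocation, freed on detach */
};
struct sensor_data { int channels; };

/* Models devm_kzalloc(): zeroed memory tied to the device, or NULL on failure. */
static void *model_devm_kzalloc(struct device *dev, size_t size)
{
    dev->managed = dev->fail_alloc ? NULL : calloc(1, size);
    return dev->managed;
}

/* Models device teardown releasing the managed memory. */
void model_detach(struct device *dev)
{
    free(dev->managed);
    dev->managed = NULL;
}

/* Unchecked pattern: the result is dereferenced even when it is NULL. */
int setup_unchecked(struct device *dev)
{
    struct sensor_data *data = model_devm_kzalloc(dev, sizeof(*data));
    data->channels = 4;   /* faults here if the allocation failed */
    return 0;
}

/* Checked pattern: an allocation failure is reported as -ENOMEM. */
int setup_checked(struct device *dev)
{
    struct sensor_data *data = model_devm_kzalloc(dev, sizeof(*data));
    if (!data)
        return -ENOMEM;
    data->channels = 4;
    return 0;
}

int main(void)
{
    struct device ok = { 0, NULL }, oom = { 1, NULL };
    int good = setup_checked(&ok) == 0 && setup_checked(&oom) == -ENOMEM;
    model_detach(&ok);   /* setup_unchecked(&oom) is not called: it would crash */
    return good ? 0 : 1;
}
```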
Affected Version(s)
Linux 08ebc9def79fc0c4dbb6ecc39263006e3f98b750 < 240b82b86a091c1aa49d951d4467425420a081a0
Linux 08ebc9def79fc0c4dbb6ecc39263006e3f98b750
Linux 6.15