Kernel Panic in Linux Kernel's Panthor Driver Related to GPU Virtual Region
CVE-2025-40225
What is CVE-2025-40225?
A kernel panic vulnerability in the Linux kernel's Panthor driver can occur due to a NULL pointer dereference when userspace attempts to partially unmap a GPU virtual region. This issue arises when the VM_BIND interface is used, allowing for partial unmapping of a buffer object. The driver incorrectly anticipates requiring only a single drm_gpuva structure during an unmap operation, but a partial unmap may necessitate two. As a result, accessing a NULL pointer can lead to severe system instability, as reflected in the kernel error dumps. Users should apply necessary patches to mitigate this flaw and ensure system reliability.
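The counting problem described above, as a simplified userspace model added here for illustration; it is not code from the Panthor driver or its fix. The names `struct range`, `struct pool`, `remainders_needed`, `pool_take` and `partial_unmap` are hypothetical, and the addresses are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified userspace model (hypothetical names), not Panthor driver code. */
struct range { uint64_t start, end; };            /* half-open [start, end) */
struct pool  { struct range slots[2]; int cap, used; };

/* Structures needed for what survives the unmap: 0, 1 or 2; -1 if no overlap. */
int remainders_needed(struct range map, struct range req)
{
    if (req.end <= map.start || req.start >= map.end)
        return -1;
    return (req.start > map.start) + (req.end < map.end);
}

/* Hand out one preallocated slot, or NULL once the pool is exhausted. */
struct range *pool_take(struct pool *p)
{
    return p->used < p->cap ? &p->slots[p->used++] : NULL;
}

/* Returns the number of remainders written to out, -1 if the preallocation
 * was too small, -2 if req does not overlap map. */
int partial_unmap(struct range map, struct range req, int prealloc,
                  struct range out[2])
{
    struct pool p = { .cap = prealloc };
    struct range *prev = NULL, *next = NULL;
    int n = 0;

    if (remainders_needed(map, req) < 0)
        return -2;
    if (req.start > map.start && !(prev = pool_take(&p)))
        return -1;
    if (req.end < map.end && !(next = pool_take(&p)))
        return -1;   /* a middle unmap with one slot ends here, not in a NULL write */
    if (prev) { prev->start = map.start; prev->end = req.start; out[n++] = *prev; }
    if (next) { next->start = req.end;   next->end = map.end;   out[n++] = *next; }
    return n;
}

int main(void)
{
    struct range map = { 0x1000, 0x5000 }, hole = { 0x2000, 0x3000 }, out[2];
    printf("needed=%d one_slot=%d two_slots=%d\n", remainders_needed(map, hole),
           partial_unmap(map, hole, 1, out), partial_unmap(map, hole, 2, out));
    return 0;
}
```

Unmapping from the middle of a mapping leaves a piece on each side, so one preallocated structure is only enough when the request touches the start or end of the mapping.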
Affected Version(s)
Linux 647810ec247641eb5aec8caef818919a4518a0b1
Linux 647810ec247641eb5aec8caef818919a4518a0b1 < 4eabd0d8791eaf9a7b114ccbf56eb488aefe7b1f