Data Leak Vulnerability in Linux Kernel's DRM Subsystem
CVE-2025-40276

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 December 2025

What is CVE-2025-40276?

A vulnerability exists in the Linux kernel's DRM subsystem, specifically within the shmem layer, where new pages are zeroed out using cached mappings. Failure to execute a CPU flush may leave dirty cachelines unaddressed, potentially resulting in harmful data leaks and the risk of asynchronous buffer corruption upon eviction of these cachelines. This vulnerability highlights the critical need for proper handling of memory management operations to ensure data integrity and system stability.

Affected Version(s)

Linux 8a1cc07578bf42d85f008316873d710ff684dd29 < 7a12f9c96d06b145562f76ffb20369b4692f0911

Linux 8a1cc07578bf42d85f008316873d710ff684dd29 < 576c930e5e7dcb937648490611a83f1bf0171048

Linux 6.10

References

https://git.kernel.org/stable/c/7a12f9c96d06b145562f76ffb...

https://git.kernel.org/stable/c/576c930e5e7dcb93764849061...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2025
Vulnerability Reserved
Apr 16, 2025

JSON