Kernel Vulnerability in Linux Affecting Memory Management Processes
CVE-2025-40340

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-40340?

A vulnerability has been identified in the Linux kernel linked to the xe_gem_fault component. This issue arises during the core_hotunplug testing process, resulting in an unexpected system crash. The problem occurs when a process attempts to map memory but encounters issues due to the FAULT_FLAG_RETRY_NOWAIT logic. This leads to situations where the system lacks available process memory, returning a VM_FAULT_NOPAGE error. Consequently, the vulnerability triggers a failure in memory type verification, specifically when the resource is NULL, causing an operational crash. Proper resolutions have been implemented to address this vulnerability and maintain system stability.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 99428bd6123d5676209dfb1d7a8f176cc830b665

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 29a3064f9c5a908aaf0b39cd6ed30374db11840d

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1cda3c755bb7770be07d75949bb0f45fb88651f6

References

https://git.kernel.org/stable/c/99428bd6123d5676209dfb1d7...

https://git.kernel.org/stable/c/29a3064f9c5a908aaf0b39cd6...

https://git.kernel.org/stable/c/1cda3c755bb7770be07d75949...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Apr 16, 2025

JSON