CVE-2025-40029

Опубликовано: 28 окт. 2025

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: Check return value of platform_get_resource() platform_get_resource() returns NULL in case of failure, so check its return value and propagate the error in order to prevent NULL pointer dereference.

Отчет

Exploitation is effectively impossible for unprivileged users: the failure case can only occur during driver probe when platform resources are provided by ACPI/DT or by manually creating malformed platform devices. Triggering this path requires full root-level control over hardware description (ACPI/DTB or sysfs).

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Not affected
Red Hat Enterprise Linux 9	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=2406760kernel: bus: fsl-mc: Check return value of platform_get_resource()

EPSS

Процентиль: 21%

0.00068

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2025-40029

ubuntu

5 месяцев назад

CVE-2025-40029

nvd

5 месяцев назад

CVE-2025-40029

CVSS3: 5.5

msrc

5 месяцев назад

bus: fsl-mc: Check return value of platform_get_resource()

CVE-2025-40029

debian

5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: b ...

GHSA-cv4f-qx52-9x29

github

5 месяцев назад

EPSS

Процентиль: 21%

0.00068

Низкий

5.5 Medium

CVSS3