CVE-2025-40070

EPSS 0.06%
Veröffentlicht 28.10.2025 11:48:38
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

pps: fix warning in pps_register_cdev when register device fail

In the Linux kernel, the following vulnerability has been resolved:

pps: fix warning in pps_register_cdev when register device fail

Similar to previous commit 2a934fdb01db ("media: v4l2-dev: fix error
handling in __video_register_device()"), the release hook should be set
before device_register(). Otherwise, when device_register() return error
and put_device() try to callback the release function, the below warning
may happen.

  ------------[ cut here ]------------
  WARNING: CPU: 1 PID: 4760 at drivers/base/core.c:2567 device_release+0x1bd/0x240 drivers/base/core.c:2567
  Modules linked in:
  CPU: 1 UID: 0 PID: 4760 Comm: syz.4.914 Not tainted 6.17.0-rc3+ #1 NONE
  RIP: 0010:device_release+0x1bd/0x240 drivers/base/core.c:2567
  Call Trace:
   <TASK>
   kobject_cleanup+0x136/0x410 lib/kobject.c:689
   kobject_release lib/kobject.c:720 [inline]
   kref_put include/linux/kref.h:65 [inline]
   kobject_put+0xe9/0x130 lib/kobject.c:737
   put_device+0x24/0x30 drivers/base/core.c:3797
   pps_register_cdev+0x2da/0x370 drivers/pps/pps.c:402
   pps_register_source+0x2f6/0x480 drivers/pps/kapi.c:108
   pps_tty_open+0x190/0x310 drivers/pps/clients/pps-ldisc.c:57
   tty_ldisc_open+0xa7/0x120 drivers/tty/tty_ldisc.c:432
   tty_set_ldisc+0x333/0x780 drivers/tty/tty_ldisc.c:563
   tiocsetd drivers/tty/tty_io.c:2429 [inline]
   tty_ioctl+0x5d1/0x1700 drivers/tty/tty_io.c:2728
   vfs_ioctl fs/ioctl.c:51 [inline]
   __do_sys_ioctl fs/ioctl.c:598 [inline]
   __se_sys_ioctl fs/ioctl.c:584 [inline]
   __x64_sys_ioctl+0x194/0x210 fs/ioctl.c:584
   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
   do_syscall_64+0x5f/0x2a0 arch/x86/entry/syscall_64.c:94
   entry_SYSCALL_64_after_hwframe+0x76/0x7e
   </TASK>

Before commit c79a39dc8d06 ("pps: Fix a use-after-free"),
pps_register_cdev() call device_create() to create pps->dev, which will
init dev->release to device_create_release(). Now the comment is outdated,
just remove it.

Thanks for the reminder from Calvin Owens, 'kfree_pps' should be removed
in pps_register_source() to avoid a double free in the failure case.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

CNA 2 VulnDex Vulnerability Enrichment 10

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 785c78ed0d39d1717cca3ef931d3e51337b5e90e

Version < 38c7bb10aae5118dd48fa7a82f7bf93839bcc320

Status affected

Version 1a7735ab2cb9747518a7416fb5929e85442dec62

Version < 2a194707ca27a3b0523023fa8b446e5ec922dc51

Status affected

Version c4041b6b0a7a3def8cf3f3d6120ff337bc4c40f7

Version < 125527db41805693208ee1aacd7f3ffe6a3a489c

Status affected

Version 91932db1d96b2952299ce30c1c693d834d10ace6

Version < 4cbd7450a22c5ee4842fc4175ad06c0c82ea53a8

Status affected

Version cd3bbcb6b3a7caa5ce67de76723b6d8531fb7f64

Version < cf71834a0cfc394c72d62fd6dbb470ee13cf8f5e

Status affected

Version 7e5ee3281dc09014367f5112b6d566ba36ea2d49

Version < f01fa3588e0b3cb1540f56d2c6bd99e5b3810234

Status affected

Version c79a39dc8d060b9e64e8b0fa9d245d44befeefbe

Version < 0f97564a1fb62f34b3b498e2f12caffbe99c004a

Status affected

Version c79a39dc8d060b9e64e8b0fa9d245d44befeefbe

Version < b0531cdba5029f897da5156815e3bdafe1e9b88d

Status affected

Version 85241f7de216f8298f6e48540ea13d7dcd100870

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.14

Status affected

Version 0

Version < 6.14

Status unaffected

Version <= 5.4.*

Version 5.4.301

Status unaffected

Version <= 5.10.*

Version 5.10.246

Status unaffected

Version <= 5.15.*

Version 5.15.195

Status unaffected

Version <= 6.1.*

Version 6.1.156

Status unaffected

Version <= 6.6.*

Version 6.6.112

Status unaffected

Version <= 6.12.*

Version 6.12.53

Status unaffected

Version <= 6.17.*

Version 6.17.3

Status unaffected

Version <= *

Version 6.18

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.181

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/125527db41805693208ee1aacd7f3ffe6a3a489c

https://git.kernel.org/stable/c/4cbd7450a22c5ee4842fc4175ad06c0c82ea53a8

https://git.kernel.org/stable/c/cf71834a0cfc394c72d62fd6dbb470ee13cf8f5e

https://git.kernel.org/stable/c/f01fa3588e0b3cb1540f56d2c6bd99e5b3810234

https://git.kernel.org/stable/c/0f97564a1fb62f34b3b498e2f12caffbe99c004a

https://git.kernel.org/stable/c/b0531cdba5029f897da5156815e3bdafe1e9b88d

https://git.kernel.org/stable/c/2a194707ca27a3b0523023fa8b446e5ec922dc51

https://git.kernel.org/stable/c/38c7bb10aae5118dd48fa7a82f7bf93839bcc320

https://nvd.nist.gov/vuln/detail/CVE-2025-40070

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40070

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40070

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-40070