CVE-2025-40070

EPSS 0.06%
Veröffentlicht 28.10.2025 11:48:38
Zuletzt bearbeitet 30.10.2025 15:05:32
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

pps: fix warning in pps_register_cdev when register device fail

Similar to previous commit 2a934fdb01db ("media: v4l2-dev: fix error
handling in __video_register_device()"), the release hook should be set
before device_register(). Otherwise, when device_register() return error
and put_device() try to callback the release function, the below warning
may happen.

  ------------[ cut here ]------------
  WARNING: CPU: 1 PID: 4760 at drivers/base/core.c:2567 device_release+0x1bd/0x240 drivers/base/core.c:2567
  Modules linked in:
  CPU: 1 UID: 0 PID: 4760 Comm: syz.4.914 Not tainted 6.17.0-rc3+ #1 NONE
  RIP: 0010:device_release+0x1bd/0x240 drivers/base/core.c:2567
  Call Trace:
   <TASK>
   kobject_cleanup+0x136/0x410 lib/kobject.c:689
   kobject_release lib/kobject.c:720 [inline]
   kref_put include/linux/kref.h:65 [inline]
   kobject_put+0xe9/0x130 lib/kobject.c:737
   put_device+0x24/0x30 drivers/base/core.c:3797
   pps_register_cdev+0x2da/0x370 drivers/pps/pps.c:402
   pps_register_source+0x2f6/0x480 drivers/pps/kapi.c:108
   pps_tty_open+0x190/0x310 drivers/pps/clients/pps-ldisc.c:57
   tty_ldisc_open+0xa7/0x120 drivers/tty/tty_ldisc.c:432
   tty_set_ldisc+0x333/0x780 drivers/tty/tty_ldisc.c:563
   tiocsetd drivers/tty/tty_io.c:2429 [inline]
   tty_ioctl+0x5d1/0x1700 drivers/tty/tty_io.c:2728
   vfs_ioctl fs/ioctl.c:51 [inline]
   __do_sys_ioctl fs/ioctl.c:598 [inline]
   __se_sys_ioctl fs/ioctl.c:584 [inline]
   __x64_sys_ioctl+0x194/0x210 fs/ioctl.c:584
   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
   do_syscall_64+0x5f/0x2a0 arch/x86/entry/syscall_64.c:94
   entry_SYSCALL_64_after_hwframe+0x76/0x7e
   </TASK>

Before commit c79a39dc8d06 ("pps: Fix a use-after-free"),
pps_register_cdev() call device_create() to create pps->dev, which will
init dev->release to device_create_release(). Now the comment is outdated,
just remove it.

Thanks for the reminder from Calvin Owens, 'kfree_pps' should be removed
in pps_register_source() to avoid a double free in the failure case.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 38c7bb10aae5118dd48fa7a82f7bf93839bcc320

Version 785c78ed0d39d1717cca3ef931d3e51337b5e90e

Status affected

Version < 2a194707ca27a3b0523023fa8b446e5ec922dc51

Version 1a7735ab2cb9747518a7416fb5929e85442dec62

Status affected

Version < 125527db41805693208ee1aacd7f3ffe6a3a489c

Version c4041b6b0a7a3def8cf3f3d6120ff337bc4c40f7

Status affected

Version < 4cbd7450a22c5ee4842fc4175ad06c0c82ea53a8

Version 91932db1d96b2952299ce30c1c693d834d10ace6

Status affected

Version < cf71834a0cfc394c72d62fd6dbb470ee13cf8f5e

Version cd3bbcb6b3a7caa5ce67de76723b6d8531fb7f64

Status affected

Version < f01fa3588e0b3cb1540f56d2c6bd99e5b3810234

Version 7e5ee3281dc09014367f5112b6d566ba36ea2d49

Status affected

Version < 0f97564a1fb62f34b3b498e2f12caffbe99c004a

Version c79a39dc8d060b9e64e8b0fa9d245d44befeefbe

Status affected

Version < b0531cdba5029f897da5156815e3bdafe1e9b88d

Version c79a39dc8d060b9e64e8b0fa9d245d44befeefbe

Status affected

Version 85241f7de216f8298f6e48540ea13d7dcd100870

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.14

Status affected

Version < 6.14

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.301

Status unaffected

Version <= 5.10.*

Version 5.10.246

Status unaffected

Version <= 5.15.*

Version 5.15.195

Status unaffected

Version <= 6.1.*

Version 6.1.156

Status unaffected

Version <= 6.6.*

Version 6.6.112

Status unaffected

Version <= 6.12.*

Version 6.12.53

Status unaffected

Version <= 6.17.*

Version 6.17.3

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.188

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/125527db41805693208ee1aacd7f3ffe6a3a489c

https://git.kernel.org/stable/c/4cbd7450a22c5ee4842fc4175ad06c0c82ea53a8

https://git.kernel.org/stable/c/cf71834a0cfc394c72d62fd6dbb470ee13cf8f5e

https://git.kernel.org/stable/c/f01fa3588e0b3cb1540f56d2c6bd99e5b3810234

https://git.kernel.org/stable/c/0f97564a1fb62f34b3b498e2f12caffbe99c004a

https://git.kernel.org/stable/c/b0531cdba5029f897da5156815e3bdafe1e9b88d

https://git.kernel.org/stable/c/2a194707ca27a3b0523023fa8b446e5ec922dc51

https://git.kernel.org/stable/c/38c7bb10aae5118dd48fa7a82f7bf93839bcc320

https://nvd.nist.gov/vuln/detail/CVE-2025-40070

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40070

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40070

EUVD