SB20251216111 - NULL pointer dereference in Linux kernel base driver
Published: December 16, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-40346)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the topology_parse_cpu_capacity() function in drivers/base/arch_topology.c. A local user can trigger it to perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/02fbea0864fd4a863671f5d418129258d7159f68
- https://git.kernel.org/stable/c/2eead19334516c8e9927c11b448fbe512b1f18a1
- https://git.kernel.org/stable/c/3373f263bb647fcc3b5237cfaef757633b9ee25e
- https://git.kernel.org/stable/c/3a01b2614e84361aa222f67bc628593987e5cdb2
- https://git.kernel.org/stable/c/45379303124487db3a81219af7565d41f498167f
- https://git.kernel.org/stable/c/64da320252e43456cc9ec3055ff567f168467b37
- https://git.kernel.org/stable/c/a77f8434954cb1e9c42c3854e40855fdcf5ab235