Vulnerability Lookup

🛡️ CVE-2025-40346

⚪ Unknown ✅ No Known Exploit NVD

N/A

CVSS Score

0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Fix incorrect use of PTR_ERR_OR_ZERO() in topology_parse_cpu_capacity() which causes the code to proceed with NULL clock pointers. The current logic uses !PTR_ERR_OR_ZERO(cpu_clk) which evaluates to true for both valid pointers and NULL, leading to potential NULL pointer dereference in clk_get_rate(). Per include/linux/err.h documentation, PTR_ERR_OR_ZERO(ptr) returns: "The error code within @ptr if it is an error pointer; 0 otherwise." This means PTR_ERR_OR_ZERO() returns 0 for both valid pointers AND NULL pointers. Therefore !PTR_ERR_OR_ZERO(cpu_clk) evaluates to true (proceed) when cpu_clk is either valid or NULL, causing clk_get_rate(NULL) to be called when of_clk_get() returns NULL. Replace with !IS_ERR_OR_NULL(cpu_clk) which only proceeds for valid pointers, preventing potential NULL pointer dereference in clk_get_rate().

Details

Severity Unknown

CVSS Score N/A

CVSS Vector N/A

CWE N/A

Public Exploit ✅ No

Source NVD

Published 2025-12-16

Updated 2026-06-02

Modified 2026-04-02

Fix URL N/A

Affected Packages

Software	From version	Fixed in
kernel	6.13.0	6.17.6
unknown	—	—

References

WEB https://git.kernel.org/stable/c/02fbea0864fd4a863671f5d418129258d7159f68

WEB https://git.kernel.org/stable/c/2eead19334516c8e9927c11b448fbe512b1f18a1

WEB https://git.kernel.org/stable/c/3373f263bb647fcc3b5237cfaef757633b9ee25e

WEB https://git.kernel.org/stable/c/3a01b2614e84361aa222f67bc628593987e5cdb2

WEB https://git.kernel.org/stable/c/45379303124487db3a81219af7565d41f498167f

WEB https://git.kernel.org/stable/c/64da320252e43456cc9ec3055ff567f168467b37

WEB https://git.kernel.org/stable/c/a77f8434954cb1e9c42c3854e40855fdcf5ab235

ADVISORY https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40346.json

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-40346

PACKAGE https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

🔗 NVD 🔗 Mitre

Similar Threats

Unknown ALSA-2023:2458
Unknown ALSA-2023:1703
Unknown ALSA-2023:1566
Unknown ALSA-2023:1470
Unknown ALSA-2023:0951

Vulnerability Monitoring

Stay informed about vulnerabilities in your stack

BotEraser monitors your WordPress installation and notifies you when software you use appears in our vulnerability database.

Set Up Free Alerts →

No credit card required · Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.

Stay informed about vulnerabilities in your stack

Company

Resources

Services

Trusted

Subscribe