CVE-2025-40011
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/gma500: Fix null dereference in hdmi teardown
pci_set_drvdata sets the value of pdev->driver_data to NULL, after which the driver_data obtained from the same dev is dereferenced in oaktrail_hdmi_i2c_exit, and the i2c_dev is extracted from it. To prevent this, swap these calls.
Found by Linux Verification Center (linuxtesting.org) with Svacer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's gma500 driver, a null pointer dereference occurs in HDMI teardown due to pci_set_drvdata being called before accessing driver_data.
Vulnerability
In the Linux kernel's gma500 DRM driver, a null pointer dereference vulnerability exists in the HDMI teardown path. The root cause is an ordering mistake: pci_set_drvdata() sets pdev->driver_data to NULL, but the code subsequently extracts i2c_dev from the same driver data in oaktrail_hdmi_i2c_exit(), leading to a null pointer dereference. [1]
Exploitation
The vulnerability is triggered during device removal or module unloading, when the HDMI subsystem is torn down. An attacker would need local access to the system and the ability to trigger the underlying device removal (e.g., via hot-unplug or driver unbind). No authentication is required beyond the ability to interact with the driver interfaces. [1]
Impact
Successful exploitation causes a kernel NULL pointer dereference, resulting in a system crash (denial of service). The vulnerability does not appear to allow privilege escalation or arbitrary code execution based on the description. [1]
Mitigation
The fix, which is to swap the pci_set_drvdata() call and the oaktrail_hdmi_i2c_exit() call, has been applied to the Linux kernel stable branches. Patched versions are available via the referenced commits. [1] Users should update their kernel to incorporate the fix.
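The ordering bug and the swap that fixes it, as an added userspace model (not the gma500 driver's code or the upstream patch). Every model_* name is a hypothetical stand-in, and the NULL check in model_i2c_exit marks the point where the unguarded kernel code would dereference NULL.

```c
#include <stdio.h>
#include <stddef.h>

/* Userspace model of the teardown ordering; every model_* name is a
 * hypothetical stand-in, not the gma500 driver's code. */
struct model_i2c_dev  { int released; };
struct model_hdmi_dev { struct model_i2c_dev *i2c_dev; };
struct model_pci_dev  { void *driver_data; };

static void model_set_drvdata(struct model_pci_dev *p, void *d) { p->driver_data = d; }
static void *model_get_drvdata(struct model_pci_dev *p) { return p->driver_data; }

/* Stand-in for oaktrail_hdmi_i2c_exit(): re-reads driver_data from the device,
 * then extracts i2c_dev from it. Returns -1 at the point where the unguarded
 * kernel code would dereference NULL. */
static int model_i2c_exit(struct model_pci_dev *pdev)
{
    struct model_hdmi_dev *hdmi = model_get_drvdata(pdev);
    if (hdmi == NULL)
        return -1;
    hdmi->i2c_dev->released = 1;
    return 0;
}

/* patched == 0: driver_data cleared first (order described as vulnerable).
 * patched == 1: calls swapped, i2c exit runs while driver_data is valid. */
int model_teardown(int patched)
{
    struct model_i2c_dev i2c = { 0 };
    struct model_hdmi_dev hdmi = { &i2c };
    struct model_pci_dev pdev = { &hdmi };
    int rc;
    if (patched) {
        rc = model_i2c_exit(&pdev);
        model_set_drvdata(&pdev, NULL);
    } else {
        model_set_drvdata(&pdev, NULL);
        rc = model_i2c_exit(&pdev);
    }
    /* rc == 0 must also mean the i2c state was actually released. */
    return (rc == 0 && !i2c.released) ? -2 : rc;
}

int main(void)
{
    printf("pre-patch order: %d\n", model_teardown(0));
    printf("patched order:   %d\n", model_teardown(1));
    return 0;
}
```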
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 8
70b0c11483d3, 4bbfd1b29085, e15de80737d4, 02e4ff4941ef, 6ffa6b5bc861, f800f7054d2c, 0fc650fa475b, 352e66900cde
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- git.kernel.org/stable/c/02e4ff4941efb9bbb40d8d5b61efa1a4119b1ba7 (nvd)
- git.kernel.org/stable/c/0fc650fa475b50c1da8236c5e900b9460c7027bc (nvd)
- git.kernel.org/stable/c/352e66900cde63f3dadb142364d3c35170bbaaff (nvd)
- git.kernel.org/stable/c/4bbfd1b290857b9d14ea9d91562bde55ff2bc85e (nvd)
- git.kernel.org/stable/c/6ffa6b5bc861a3ea9dfcdc007f002b4a347c24ba (nvd)
- git.kernel.org/stable/c/70b0c11483d3b90b2d0f416026e475e084a77e62 (nvd)
- git.kernel.org/stable/c/e15de80737d444ed743b1c60ced4a3a97913169b (nvd)
- git.kernel.org/stable/c/f800f7054d2cf28b51296c7c575da27c29e3859b (nvd)