CVE-2025-40033

Vulnerability

In the Linux kernel's PRU (Programmable Real-Time Unit) remoteproc driver, the function pru_rproc_set_ctable() accesses rproc->priv before performing an IS_ERR_OR_NULL check on the rproc pointer. This ordering flaw can lead to a NULL pointer dereference if a NULL or error-valued rproc is passed to the function [1].

Exploitation

The vulnerability is present in the kernel source code and can be triggered when the pru_rproc_set_ctable() function is called with an invalid rproc pointer. No special privileges or authentication are required beyond the ability to trigger the affected code path, which may occur during normal driver operations or through crafted inputs that cause the driver to receive a NULL pointer [1].

Impact

A successful exploit could cause a denial of service (system crash or kernel panic) due to the NULL pointer dereference. The impact is limited to availability; there is no evidence of privilege escalation or data corruption from this bug [1].

Mitigation

The fix, committed to the Linux kernel stable tree, moves the assignment of the pru variable (derived from rproc->priv) to after the IS_ERR_OR_NULL check, ensuring the pointer is validated before dereferencing [1]. Users should apply the latest kernel updates to address this vulnerability.