CVE-2025-40360

Vulnerability

Description

A null-pointer dereference vulnerability exists in the Linux kernel's drm/sysfb subsystem, specifically in the __drm_gem_reset_shadow_plane() function. The function does not check if the plane state pointer is NULL before dereferencing it, leading to a potential crash when a system with certain graphics configurations attempts to reset the plane [1].

Exploitation

An attacker would need to be able to trigger a plane reset operation on a system using the affected kernel versions. This could be achieved by a user with local access or by unprivileged code that causes the DRM subsystem to perform a plane reset, such as during display mode changes or certain graphics operations. No authentication is required beyond the ability to interact with the DRM subsystem [2].

Impact

Successful exploitation could lead to a denial of service (system crash) or potentially other undefined behavior due to the null-pointer dereference. The issue is considered moderate severity as it requires local access or specific conditions to trigger, but it could result in system instability [3].

Mitigation

The fix, which checks for NULL before dereferencing the plane state pointer and properly forwards NULL to other helpers, has been applied to the Linux kernel stable tree [1]. Systems should apply the available kernel updates to remediate this vulnerability.