CVE-2025-40110

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-40110
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40110.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-40110
Downstream
Published
2025-11-12T01:07:24.739Z
Modified
2025-11-28T02:34:26.108871Z
Summary
drm/vmwgfx: Fix a null-ptr access in the cursor snooper
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Fix a null-ptr access in the cursor snooper

Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it.

vmwcmdrescheck allows explicit invalid (SVGA3DINVALIDID) identifiers because some svga commands accept SVGA3DINVALIDID to mean "no surface", unfortunately functions that accept the actual surfaces as objects might (and in case of the cursor snooper, do not) be able to handle null objects. Make sure that we validate not only the identifier (via the vmwcmdrescheck) but also check that the actual resource exists before trying to do something with it.

Fixes unchecked null-ptr reference in the snooping code.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40110.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c0951b797e7d0f2c6b0df2c0e18185c72d0cf1a1
Fixed
299cfb5a7deabdf9ecd30071755672af0aced5eb
Fixed
13c9e4ed125e19484234c960efe5ac9c55119523
Fixed
b6fca0a07989f361ceda27cb2d09c555d4d4a964
Fixed
5ac2c0279053a2c5265d46903432fb26ae2d0da2

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.8.0
Fixed
6.6.113
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.54
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.17.4