CVE-2025-40011

pcisetdrvdata sets the value of pdev->driverdata to NULL, after which the driverdata obtained from the same dev is dereferenced in oaktrailhdmii2cexit, and the i2cdev is extracted from it. To prevent this, swap these calls.

Found by Linux Verification Center (linuxtesting.org) with Svacer.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40011.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

1b082ccf5901108d3acd860a73d8c0442556c0bb

Fixed

70b0c11483d3b90b2d0f416026e475e084a77e62

Fixed

4bbfd1b290857b9d14ea9d91562bde55ff2bc85e

Fixed

e15de80737d444ed743b1c60ced4a3a97913169b

Fixed

02e4ff4941efb9bbb40d8d5b61efa1a4119b1ba7

Fixed

6ffa6b5bc861a3ea9dfcdc007f002b4a347c24ba

Fixed

f800f7054d2cf28b51296c7c575da27c29e3859b

Fixed

0fc650fa475b50c1da8236c5e900b9460c7027bc

Fixed

352e66900cde63f3dadb142364d3c35170bbaaff

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40011.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.3.0

Fixed

5.4.300

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.245

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.194

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.155

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.109

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.50

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.16.10

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40011.json"