CVE-2025-40107
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-40107
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40107.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-40107
- Downstream
- Related
- Published
- 2025-11-03T12:15:12.587Z
- Modified
- 2025-11-28T02:34:45.703074Z
- Summary
- can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled
This issue is similar to the vulnerability in the
mcp251xdriver, which was fixed in commit 03c427147b2d ("can: mcp251x: fix resume from sleep before interface was brought up").In the
hi311xdriver, when the device resumes from sleep, the driver schedulespriv->restart_work. However, if the network interface was not previously enabled, thepriv->wq(workqueue) is not allocated and initialized, leading to a null pointer dereference.To fix this, we move the allocation and initialization of the workqueue from the
hi3110_openfunction to thehi3110_can_probefunction. This ensures that the workqueue is properly initialized before it is used during device resume. And added logic to destroy the workqueue in the error handling paths ofhi3110_can_probeand in thehi3110_can_removefunction to prevent resource leaks. - Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40107.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1d2ef21f02baff0c109ad78b9e835fb4acb14533
- https://git.kernel.org/stable/c/6b696808472197b77b888f50bc789a3bae077743
- https://git.kernel.org/stable/c/d1fc4c041459e2d4856c1b2501486ba4f0cbf96b
- https://git.kernel.org/stable/c/e93af787187e585933570563c643337fa731584a
- https://git.kernel.org/stable/c/fd00cf38fd437c979f0e5905e3ebdfc3f55a4b96
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40107.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-40107
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixedd1fc4c041459e2d4856c1b2501486ba4f0cbf96bFixede93af787187e585933570563c643337fa731584aFixed1d2ef21f02baff0c109ad78b9e835fb4acb14533Fixedfd00cf38fd437c979f0e5905e3ebdfc3f55a4b96Fixed6b696808472197b77b888f50bc789a3bae077743
Linux / Kernel
Package
- Name
- Kernel