CVE-2025-40224

Published: Dec 4, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: hwmon: (cgbc-hwmon) Add missing NULL check after devm_kzalloc() The driver allocates memory for sensor data using devm_kzalloc(), but did not check if the allocation succeeded. In case of memory allocation failure, dereferencing the NULL pointer would lead to a kernel crash. Add a NULL pointer check and return -ENOMEM to handle allocation failure properly.

Vendor	Product	Versions
Linux	Linux	affected `08ebc9def79fc0c4dbb6ecc39263006e3f98b750 - < 240b82b86a091c1aa49d951d4467425420a081a0` affected `08ebc9def79fc0c4dbb6ecc39263006e3f98b750 - < a09a5aa8bf258ddc99a22c30f17fe304b96b5350`
Linux	Linux	affected `6.15` unaffected `0 - < 6.15` unaffected `6.17.6 - <= 6.17.` unaffected `6.18 - <= `

References

https://git.kernel.org/stable/c/240b82b86a091c1aa49d951d4467425420a081a0

https://git.kernel.org/stable/c/a09a5aa8bf258ddc99a22c30f17fe304b96b5350

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-40224

Description

Affected Products

References