SB20251028105 - NULL pointer dereference in Linux kernel endpoint functions driver
Published: October 28, 2025
Security Bulletin ID
SB20251028105
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-40032)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pci_epf_test_clean_dma_chan() function in drivers/pci/endpoint/functions/pci-epf-test.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0c5ce6b6ccc22d486cc7239ed908cb0ae5363a7b
- https://git.kernel.org/stable/c/57f7fb0d1ac28540c0f6405c829bb9c3b89d8dba
- https://git.kernel.org/stable/c/6411f840a9b5c47c00ca8e004733de232553870d
- https://git.kernel.org/stable/c/85afa9ea122dd9d4a2ead104a951d318975dcd25
- https://git.kernel.org/stable/c/fb54ffd60064c4e5139a3eb216e877b1acae1c8b