SB20251112111 - NULL pointer dereference in Linux kernel md driver
Published: November 12, 2025
Security Bulletin ID
SB20251112111
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-40134)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __dm_suspend() function in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/19ca4528666990be376ac3eb6fe667b03db5324d
- https://git.kernel.org/stable/c/30f95b7eda5966b81cb221bd569c0f095a068cf6
- https://git.kernel.org/stable/c/331c2dd8ca8bad1a3ac10cce847ffb76158eece4
- https://git.kernel.org/stable/c/846cafc4725ca727d94f9c4b5f789c1a7c8fb6fe
- https://git.kernel.org/stable/c/8d33a030c566e1f105cd5bf27f37940b6367f3be
- https://git.kernel.org/stable/c/9dc43ea6a20ff83fe9a5fe4be47ae0fbf2409b98
- https://git.kernel.org/stable/c/a0e54bd8d7ea79127fe9920df3ae36f85e79ac7c
- https://git.kernel.org/stable/c/a802901b75e13cc306f1b7ab0f062135c8034e9e