SB20251216109 - NULL pointer dereference in Linux kernel gpu drm driver
Published: December 16, 2025
Security Bulletin ID
SB20251216109
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-40360)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL() function in drivers/gpu/drm/drm_gem_atomic_helper.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/14e02ed3876f4ab0ed6d3f41972175f8b8df3d70
- https://git.kernel.org/stable/c/6abeff03cb79a2c7f4554a8e8738acd35bb37152
- https://git.kernel.org/stable/c/6bdef5648a60e49d4a3b02461ab7ae3776877e77
- https://git.kernel.org/stable/c/b61ed8005bd3102510fab5015ac6a275c9c5ea16
- https://git.kernel.org/stable/c/c4faf7f417eea8b8d5cc570a1015736f307aa2d5
- https://git.kernel.org/stable/c/c7d5e69866bbe95c1e4ab4c10a81e0a02d9ea232