CVE-2025-40346
CVE-2025-40346 is a security vulnerability that is still awaiting full analysis and scoring. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- EPSS exploit prediction: 0% (7th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-203641
- Published:
- Last modified:
Description
In the Linux kernel, the following vulnerability has been resolved: arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Fix incorrect use of PTR_ERR_OR_ZERO() in topology_parse_cpu_capacity() which causes the code to proceed with NULL clock pointers. The current logic uses !PTR_ERR_OR_ZERO(cpu_clk) which evaluates to true for both valid pointers and NULL, leading to potential NULL pointer dereference in clk_get_rate(). Per include/linux/err.h documentation, PTR_ERR_OR_ZERO(ptr) returns: "The error code within @ptr if it is an error pointer; 0 otherwise." This means PTR_ERR_OR_ZERO() returns 0 for both valid pointers AND NULL pointers. Therefore !PTR_ERR_OR_ZERO(cpu_clk) evaluates to true (proceed) when cpu_clk is either valid or NULL, causing clk_get_rate(NULL) to be called when of_clk_get() returns NULL. Replace with !IS_ERR_OR_NULL(cpu_clk) which only proceeds for valid pointers, preventing potential NULL pointer dereference in clk_get_rate().
Frequently asked questions
- What is CVE-2025-40346?
- In the Linux kernel, the following vulnerability has been resolved: arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Fix incorrect use of PTR_ERR_OR_ZERO() in topology_parse_cpu_capacity() which causes the code to proceed with NULL clock pointers. The current logic uses !PTR_ERR_OR_ZERO(cpu_clk) which evaluates to true for both valid pointers and NULL, leading to potential NULL pointer dereference in clk_get_rate(). Per include/linux/err.h documentation, PTR_ERR_OR_ZERO(ptr) returns: "The error code within @ptr if it is an error pointer; 0 otherwise." This means PTR_ERR_OR_ZERO() returns 0 for both valid pointers AND NULL pointers. Therefore !PTR_ERR_OR_ZERO(cpu_clk) evaluates to true (proceed) when cpu_clk is either valid or NULL, causing clk_get_rate(NULL) to be called when of_clk_get() returns NULL. Replace with !IS_ERR_OR_NULL(cpu_clk) which only proceeds for valid pointers, preventing potential NULL pointer dereference in clk_get_rate().
- Is CVE-2025-40346 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (7th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2025-40346?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-40346 have an EU (EUVD) identifier?
- Yes. CVE-2025-40346 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-203641.
- When was CVE-2025-40346 published?
- CVE-2025-40346 was published on 2025-12-16 and last updated on 2026-06-17.
References
- https://git.kernel.org/stable/c/02fbea0864fd4a863671f5d418129258d7159f68
- https://git.kernel.org/stable/c/2eead19334516c8e9927c11b448fbe512b1f18a1
- https://git.kernel.org/stable/c/3373f263bb647fcc3b5237cfaef757633b9ee25e
- https://git.kernel.org/stable/c/3a01b2614e84361aa222f67bc628593987e5cdb2
- https://git.kernel.org/stable/c/45379303124487db3a81219af7565d41f498167f
- https://git.kernel.org/stable/c/64da320252e43456cc9ec3055ff567f168467b37
- https://git.kernel.org/stable/c/a77f8434954cb1e9c42c3854e40855fdcf5ab235