What is CVE-2025-40030?

CVE-2025-40030 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 4.19 onward and patched in 5.4.301, 5.10.246, 5.15.195 and others. CVE-2025-40030 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-40030?

CVE-2025-40030 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-40030?

Yes, CVE-2025-40030 has been patched. Fixed versions include 5.4.301, 5.10.246, 5.15.195 and others. If you are running Linux kernel 4.19 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-40030 actively exploited?

CVE-2025-40030 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-40030

In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmux_ops::get_function_name() While the API contract in docs doesn't specify it explicitly, the generic implementation of the get_function_name() callback from struct pinmux_ops - pinmux_generic_get_function_name() - can fail and return NULL. This is already checked in pinmux_check_ops() so add a similar check in pinmux_func_name_to_selector() instead of passing the returned pointer right down to strcmp() where the NULL can get dereferenced. This is normal operation when adding new pinfunctions.

Package Linux Kernel

Published 2025-10-28

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 4.19 and later are affected. Fixed in 5.4.301, 5.10.246, 5.15.195, 6.1.156, 6.6.112, 6.12.53, 6.17.3, 6.18 and their respective stable series.

Affected from

≥ 4.19

Fixed in

✓ 5.4.301 5.4.x ✓ 5.10.246 5.10.x ✓ 5.15.195 5.15.x ✓ 6.1.156 6.1.x ✓ 6.6.112 6.6.x ✓ 6.12.53 6.12.x ✓ 6.17.3 6.17.x ✓ 6.18

References

The following references provide additional information about CVE-2025-40030 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/1a2ea887a5cd7d47bab599f733d89444df018b1a
Patch
Kernel patch commit
https://git.kernel.org/stable/c/1a7fc8fed2bb2e113604fde7a45432ace2056b97
Patch
Kernel patch commit
https://git.kernel.org/stable/c/4002ee98c022d671ecc1e4a84029e9ae7d8a5603
Patch

8 patch commits total View all on NVD

Frequently asked questions

What is CVE-2025-40030?

CVE-2025-40030 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 4.19 onward and has been patched in 5.4.301, 5.10.246, 5.15.195 and others. CVE-2025-40030 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-40030?

Yes — CVE-2025-40030 has been patched. Fixed versions include 5.4.301, 5.10.246, 5.15.195 and others. If you are running Linux kernel 4.19 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-40030 actively exploited?

No — CVE-2025-40030 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.