What is CVE-2025-40107?

CVE-2025-40107 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 4.12 onward and patched in 6.1.156, 6.6.111, 6.12.52 and others. CVE-2025-40107 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-40107?

CVE-2025-40107 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-40107?

Yes, CVE-2025-40107 has been patched. Fixed versions include 6.1.156, 6.6.111, 6.12.52 and others. If you are running Linux kernel 4.12 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-40107 actively exploited?

CVE-2025-40107 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-40107

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled This issue is similar to the vulnerability in the `mcp251x` driver, which was fixed in commit 03c427147b2d ("can: mcp251x: fix resume from sleep before interface was brought up"). In the `hi311x` driver, when the device resumes from sleep, the driver schedules `priv->restart_work`. However, if the network interface was not previously enabled, the `priv->wq` (workqueue) is not allocated and initialized, leading to a null pointer dereference. To fix this, we move the allocation and initialization of the workqueue from the `hi3110_open` function to the `hi3110_can_probe` function. This ensures that the workqueue is properly initialized before it is used during device resume. And added logic to destroy the workqueue in the error handling paths of `hi3110_can_probe` and in the `hi3110_can_remove` function to prevent resource leaks.

Package Linux Kernel

Published 2025-11-03

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 4.12 and later are affected. Fixed in 6.1.156, 6.6.111, 6.12.52, 6.16.12, 6.17 and their respective stable series.

Affected from

≥ 4.12

Fixed in

✓ 6.1.156 6.1.x ✓ 6.6.111 6.6.x ✓ 6.12.52 6.12.x ✓ 6.16.12 6.16.x ✓ 6.17

References

The following references provide additional information about CVE-2025-40107 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/1d2ef21f02baff0c109ad78b9e835fb4acb14533
Patch
Kernel patch commit
https://git.kernel.org/stable/c/6b696808472197b77b888f50bc789a3bae077743
Patch
Kernel patch commit
https://git.kernel.org/stable/c/d1fc4c041459e2d4856c1b2501486ba4f0cbf96b
Patch

5 patch commits total View all on NVD

Frequently asked questions

What is CVE-2025-40107?

CVE-2025-40107 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 4.12 onward and has been patched in 6.1.156, 6.6.111, 6.12.52 and others. CVE-2025-40107 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-40107?

Yes — CVE-2025-40107 has been patched. Fixed versions include 6.1.156, 6.6.111, 6.12.52 and others. If you are running Linux kernel 4.12 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-40107 actively exploited?

No — CVE-2025-40107 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.