What is CVE-2025-40157?

CVE-2025-40157 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 6.3 onward and patched in 6.6.112, 6.12.53, 6.17.3 and others. CVE-2025-40157 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-40157?

CVE-2025-40157 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-40157?

Yes, CVE-2025-40157 has been patched. Fixed versions include 6.6.112, 6.12.53, 6.17.3 and others. If you are running Linux kernel 6.3 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-40157 actively exploited?

CVE-2025-40157 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-40157

In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller When loading the i10nm_edac driver on some Intel Granite Rapids servers, a call trace may appear as follows: UBSAN: shift-out-of-bounds in drivers/edac/skx_common.c:453:16 shift exponent -66 is negative ... __ubsan_handle_shift_out_of_bounds+0x1e3/0x390 skx_get_dimm_info.cold+0x47/0xd40 [skx_edac_common] i10nm_get_dimm_config+0x23e/0x390 [i10nm_edac] skx_register_mci+0x159/0x220 [skx_edac_common] i10nm_init+0xcb0/0x1ff0 [i10nm_edac] ... This occurs because some BIOS may disable a memory controller if there aren't any memory DIMMs populated on this memory controller. The DIMMMTR register of this disabled memory controller contains the invalid value ~0, resulting in the call trace above. Fix this call trace by skipping DIMM enumeration on a disabled memory controller.

Package Linux Kernel

Published 2025-11-12

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 6.3 and later are affected. Fixed in 6.6.112, 6.12.53, 6.17.3, 6.18 and their respective stable series.

Affected from

≥ 6.3

Fixed in

✓ 6.6.112 6.6.x ✓ 6.12.53 6.12.x ✓ 6.17.3 6.17.x ✓ 6.18

References

The following references provide additional information about CVE-2025-40157 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/1652f14cf3bef5a4baa232de954fc22bdcaa78fe
Patch
Kernel patch commit
https://git.kernel.org/stable/c/2e6fe1bbefd9c059c3787d1c620fe67343a94dff
Patch
Kernel patch commit
https://git.kernel.org/stable/c/8100b6c0f9089d5b156642b81270ce27fff17490
Patch

4 patch commits total View all on NVD

Frequently asked questions

What is CVE-2025-40157?

CVE-2025-40157 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.3 onward and has been patched in 6.6.112, 6.12.53, 6.17.3 and others. CVE-2025-40157 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-40157?

Yes — CVE-2025-40157 has been patched. Fixed versions include 6.6.112, 6.12.53, 6.17.3 and others. If you are running Linux kernel 6.3 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-40157 actively exploited?

No — CVE-2025-40157 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.