What is CVE-2025-40296?

CVE-2025-40296 is a unscored severity Linux kernel vulnerability. CVE-2025-40296 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-40296?

CVE-2025-40296 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-40296?

No patch is currently available for CVE-2025-40296. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2025-40296 actively exploited?

CVE-2025-40296 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-40296

In the Linux kernel, the following vulnerability has been resolved: platform/x86: int3472: Fix double free of GPIO device during unregister regulator_unregister() already frees the associated GPIO device. On ThinkPad X9 (Lunar Lake), this causes a double free issue that leads to random failures when other drivers (typically Intel THC) attempt to allocate interrupts. The root cause is that the reference count of the pinctrl_intel_platform module unexpectedly drops to zero when this driver defers its probe. This behavior can also be reproduced by unloading the module directly. Fix the issue by removing the redundant release of the GPIO device during regulator unregistration.

Package Linux Kernel

Published 2025-12-08

Last modified 2026-04-15

Patch available

Awaiting data

References

The following references provide additional information about CVE-2025-40296 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/b8113bb56c45bd17bac5144b55591f9cdbd6aabe
Patch
Kernel patch commit
https://git.kernel.org/stable/c/f0f7a3f542c1698edb69075f25a3f846207facba
Patch