CVE-2025-40346

In the Linux kernel, the following vulnerability has been resolved:

arch_topology: Fix incorrect error check in topology_parse_cpu_capacity()

Fix incorrect use of PTR_ERR_OR_ZERO() in topology_parse_cpu_capacity() which causes the code to proceed with NULL clock pointers. The current logic uses !PTR_ERR_OR_ZERO(cpu_clk) which evaluates to true for both valid pointers and NULL, leading to potential NULL pointer dereference in clk_get_rate().

Per include/linux/err.h documentation, PTR_ERR_OR_ZERO(ptr) returns: "The error code within @ptr if it is an error pointer; 0 otherwise." This means PTR_ERR_OR_ZERO() returns 0 for both valid pointers AND NULL pointers. Therefore !PTR_ERR_OR_ZERO(cpu_clk) evaluates to true (proceed) when cpu_clk is either valid or NULL, causing clk_get_rate(NULL) to be called when of_clk_get() returns NULL.

Replace with !IS_ERR_OR_NULL(cpu_clk) which only proceeds for valid pointers, preventing potential NULL pointer dereference in clk_get_rate().
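To make the difference between the two checks concrete, here is an added userspace example (not code from the kernel or from the patch) that re-implements the include/linux/err.h helpers with the kernel's encoding and evaluates the pre-fix and post-fix conditions against a valid pointer, NULL, and an error pointer. MAX_ERRNO, the EPROBE_DEFER value, sample_clk and the two *_proceeds() functions are assumptions of the example.

```c
/* Added example, not kernel or patch code: userspace re-implementation of
 * the include/linux/err.h helpers using the kernel's encoding (an errno
 * stored in the top MAX_ERRNO addresses), so both checks can be compared. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_ERRNO 4095      /* same bound the kernel's err.h uses */
#define EPROBE_DEFER 517    /* numeric value of the kernel's EPROBE_DEFER */
static inline void *ERR_PTR(long error) { return (void *)error; }
static inline bool IS_ERR(const void *ptr)
{
    return (unsigned long)ptr >= (unsigned long)-MAX_ERRNO;
}
static inline bool IS_ERR_OR_NULL(const void *ptr)
{
    return !ptr || IS_ERR(ptr);
}
static inline long PTR_ERR(const void *ptr) { return (long)ptr; }
/* Returns the errno for an error pointer, 0 for a valid pointer AND for NULL. */
static inline long PTR_ERR_OR_ZERO(const void *ptr)
{
    return IS_ERR(ptr) ? PTR_ERR(ptr) : 0;
}

/* Condition before the fix: "proceed to clk_get_rate()" is true for a valid
 * pointer and, wrongly, for NULL as well. */
bool vulnerable_proceeds(const void *cpu_clk)
{
    return !PTR_ERR_OR_ZERO(cpu_clk);
}

/* Condition after the fix: only a non-NULL, non-error pointer proceeds. */
bool fixed_proceeds(const void *cpu_clk)
{
    return !IS_ERR_OR_NULL(cpu_clk);
}

static int sample_clk;  /* constructed stand-in for a real struct clk */
int main(void)
{
    const void *cases[] = { &sample_clk, NULL, ERR_PTR(-EPROBE_DEFER) };
    const char *names[] = { "valid", "NULL", "ERR_PTR(-EPROBE_DEFER)" };
    for (int i = 0; i < 3; i++)
        printf("%-24s vulnerable_proceeds=%d fixed_proceeds=%d\n",
               names[i], vulnerable_proceeds(cases[i]), fixed_proceeds(cases[i]));
    return 0;
}
```

The NULL row is the bug: the old condition proceeds (and would call clk_get_rate(NULL)), the new one does not.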

Package: Linux Kernel
Published: 2025-12-16
Last modified: 2026-04-15
Patch available: Yes

Affected versions

Linux kernel versions 5.7 and later are affected. Fixed in 5.10.246, 5.15.196, 6.1.158, 6.6.115, 6.12.56, 6.17.6, 6.18 and their respective stable series.

Affected from: ≥ 5.7
Fixed in: 5.10.246 (5.10.x), 5.15.196 (5.15.x), 6.1.158 (6.1.x), 6.6.115 (6.6.x), 6.12.56 (6.12.x), 6.17.6 (6.17.x), 6.18

References

The following references provide additional information about CVE-2025-40346 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Frequently asked questions

  • What is CVE-2025-40346?

    CVE-2025-40346 is a Linux kernel vulnerability with no severity score assigned. It affects Linux kernel versions from 5.7 onward and has been patched in 5.10.246, 5.15.196, 6.1.158 and others. CVE-2025-40346 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • Is there a patch available for CVE-2025-40346?

    Yes — CVE-2025-40346 has been patched. Fixed versions include 5.10.246, 5.15.196, 6.1.158 and others. If you are running Linux kernel 5.7 or later up to the fix versions, apply the relevant patch for your kernel branch.

  • Is CVE-2025-40346 actively exploited?

    No — CVE-2025-40346 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.