CVE-2025-40031
- Source
- https://cve.org/CVERecord?id=CVE-2025-40031
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40031.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-40031
- Downstream
- Published
- 2025-10-28T11:48:13.644Z
- Modified
- 2025-12-05T10:16:49.092172Z
- Summary
- tee: fix register_shm_helper()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
tee: fix registershmhelper()
In registershmhelper(), fix incorrect error handling for a call to ioviterextractpages(). A case is missing for when ioviterextractpages() only got some pages and return a number larger than 0, but not the requested amount.
This fixes a possible NULL pointer dereference following a bad input from ioctl(TEEIOCSHM_REGISTER) where parts of the buffer isn't mapped.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40031.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/6a7874ab814ce12003c46a92f7afc9b035c8e8e9
- https://git.kernel.org/stable/c/9338093db954918558677a468d32e77041c65167
- https://git.kernel.org/stable/c/d5cf5b37064b1699d946e8b7ab4ac7d7d101814c
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40031.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-40031
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced7bdee41575919773818e525ea19e54eb817770afFixed9338093db954918558677a468d32e77041c65167Fixed6a7874ab814ce12003c46a92f7afc9b035c8e8e9Fixedd5cf5b37064b1699d946e8b7ab4ac7d7d101814c
Affected versions
v6.*
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.37
v6.12.38
v6.12.39
v6.12.4
v6.12.40
v6.12.41
v6.12.42
v6.12.43
v6.12.44
v6.12.45
v6.12.46
v6.12.47
v6.12.48
v6.12.49
v6.12.5
v6.12.50
v6.12.51
v6.12.52
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.17
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4
v6.17-rc5
v6.17-rc6
v6.17-rc7
v6.17.1
v6.17.2
v6.7
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7