CVE-2025-40010

medium

Description

In the Linux kernel, the following vulnerability has been resolved:

afs: Fix potential null pointer dereference in afs_put_server

afs_put_server() accessed server->debug_id before the NULL check, which could lead to a null pointer dereference. Move the debug_id assignment, ensuring we never dereference a NULL server pointer.
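A user-space model of the ordering bug described above, added here as an example; it is not the kernel's afs code. The struct layout, the function names and the fork-based harness are assumptions made for illustration, and the sample values are constructed.

```c
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical user-space stand-in for the server record; not kernel code. */
struct server { unsigned int debug_id; int ref; };

/* Before: reads through `server` ahead of the NULL check (volatile pins the load). */
int put_server_before(struct server *server)
{
    unsigned int debug_id = *(volatile unsigned int *)&server->debug_id;
    if (!server)
        return -1;
    fprintf(stderr, "put server %u\n", debug_id);
    return --server->ref;
}

/* After: nothing touches `server` until it is known to be non-NULL. */
int put_server_after(struct server *server)
{
    unsigned int debug_id;
    if (!server)
        return -1;
    debug_id = server->debug_id;
    fprintf(stderr, "put server %u\n", debug_id);
    return --server->ref;
}

/* Call fn(NULL) in a child; returns 1 if the child was killed or exited non-zero. */
int faults_on_null(int (*fn)(struct server *))
{
    int status = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        fn(NULL);
        _exit(0);
    }
    waitpid(pid, &status, 0);
    return !(WIFEXITED(status) && WEXITSTATUS(status) == 0);
}

int main(void)
{
    struct server s = { .debug_id = 7, .ref = 2 };  /* constructed sample */
    printf("before faults=%d, after faults=%d, refs left=%d\n",
           faults_on_null(put_server_before), faults_on_null(put_server_after),
           put_server_after(&s));
    return 0;
}
```

In user space the early read kills only the child process; the same read in kernel context is the availability impact the CVSS vectors below record.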

References

https://git.kernel.org/stable/c/cab278cead49a547ac84c3e185f446f381303eae

https://git.kernel.org/stable/c/a13dbc5e20c7284b82afe6f08debdecf51d2ca04

https://git.kernel.org/stable/c/9158c6bb245113d4966df9b2ba602197a379412e

https://git.kernel.org/stable/c/7b8381f3c405b864a814d747e526e078c3ef4bc2

https://git.kernel.org/stable/c/41782c44bb8431c43043129ae42f2ba614938479

Details

Source: Mitre, NVD

Published: 2025-10-20

Updated: 2025-10-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018