CVE-2025-40111

high

Description

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix Use-after-free in validation Nodes stored in the validation duplicates hashtable come from an arena allocator that is cleared at the end of vmw_execbuf_process. All nodes are expected to be cleared in vmw_validation_drop_ht but this node escaped because its resource was destroyed prematurely.

References

https://git.kernel.org/stable/c/fb7165e5f3b3b10721ff70553583ad12e90e447a

https://git.kernel.org/stable/c/dfe1323ab3c8a4dd5625ebfdba44dc47df84512a

https://git.kernel.org/stable/c/9a8eaca539708ca532747f606d231f70e684e8ca

https://git.kernel.org/stable/c/867bda5d95d36f10da398fd4409e21c7002b2332

https://git.kernel.org/stable/c/65608e991c2d771c13404e5c7ae122ac3c3357a4

https://git.kernel.org/stable/c/655a2f29bfc21105c80bf8a7d7aafa6eca8b4496

https://git.kernel.org/stable/c/4c918f9d1ccccc0e092f43dcb2d8266f54d7340b

https://git.kernel.org/stable/c/1822e5287b7dfa59d0af966756ebf1dc652b60ee

Details

Source: Mitre, NVD

Published: 2025-11-12

Updated: 2025-11-12

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00024