CVE-2025-40224

Summary

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (cgbc-hwmon) Add missing NULL check after devm_kzalloc()

The driver allocates memory for sensor data using devm_kzalloc(), but did not check if the allocation succeeded. In case of memory allocation failure, dereferencing the NULL pointer would lead to a kernel crash.

Add a NULL pointer check and return -ENOMEM to handle allocation failure properly.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux08ebc9def79fc0c4dbb6ecc39263006e3f98b750 < 240b82b86a091c1aa49d951d4467425420a081a0affected
LinuxLinux08ebc9def79fc0c4dbb6ecc39263006e3f98b750 < a09a5aa8bf258ddc99a22c30f17fe304b96b5350affected
LinuxLinux6.15affected
LinuxLinux0 < 6.15unaffected
LinuxLinux6.17.6 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References