CVE-2025-40119 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference15 documents6 sources

Severity

4.7MEDIUM

No vector

EPSS

0.0%

top 93.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedNov 12

Latest updateFeb 24

Description

In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential null deref in ext4_mb_init() In ext4_mb_init(), ext4_mb_avg_fragment_size_destroy() may be called when sbi->s_mb_avg_fragment_size remains uninitialized (e.g., if groupinfo slab cache allocation fails). Since ext4_mb_avg_fragment_size_destroy() lacks null pointer checking, this leads to a null pointer dereference. EXT4-fs: no memory for groupinfo slab cache BUG: kernel NULL pointer dereference, address: 00…

Affected Packages4 packages

▶Linuxlinux/linux_kernel6.17.0 — 6.17.3

▶Ubuntulinux/linux_kernel< 6.17.0-14.14

▶CVEListV5linux/linuxd99d714f714c9492dc64d8ab4329b083dbfa9cab — 08d9175578d6a8e9b81921898fbf01aa669cd2be+3

▶debiandebian/linux

🔴Vulnerability Details

OSV

linux-azure vulnerabilities↗2026-02-24

▶

OSV

linux-oem-6.17 vulnerabilities↗2026-02-17

▶

OSV

linux-aws, linux-oracle vulnerabilities↗2026-02-17

▶

OSV

linux-gcp vulnerabilities↗2026-02-12

▶

OSV

linux, linux-raspi, linux-realtime vulnerabilities↗2026-02-12

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-02-24

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2026-02-17

▶

Ubuntu

Linux kernel (GCP) vulnerabilities↗2026-02-12

▶

Ubuntu

Linux kernel vulnerabilities↗2026-02-12

▶

Red Hat

kernel: ext4: fix potential null deref in ext4_mb_init()↗2025-11-12

▶