CVE-2025-40147NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference15 documents6 sources
Severity
6.2MEDIUM
No vector
EPSS
0.0%
top 94.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedNov 12
Latest updateFeb 24

Description

In the Linux kernel, the following vulnerability has been resolved: blk-throttle: fix access race during throttle policy activation On repeated cold boots we occasionally hit a NULL pointer crash in blk_should_throtl() when throttling is consulted before the throttle policy is fully enabled for the queue. Checking only q->td != NULL is insufficient during early initialization, so blkg_to_pd() for the throttle policy can still return NULL and blkg_to_tg() becomes NULL, which later gets derefere

Affected Packages5 packages

Linuxlinux/linux_kernel6.10.06.12.78+1
Debianlinux/linux_kernel< 6.17.6-1
Ubuntulinux/linux_kernel< 6.17.0-14.14
CVEListV5linux/linuxa3166c51702bb00b8f8b84022090cbab8f37be1a7b4bfd02c934dbbb18814ed012ecb90b58db6935+3
debiandebian/linux< linux 6.17.6-1 (forky)

🔴Vulnerability Details

8
OSV
linux-azure vulnerabilities2026-02-24
OSV
linux-oem-6.17 vulnerabilities2026-02-17
OSV
linux-aws, linux-oracle vulnerabilities2026-02-17
OSV
linux-gcp vulnerabilities2026-02-12
OSV
linux, linux-raspi, linux-realtime vulnerabilities2026-02-12

📋Vendor Advisories

6
Ubuntu
Linux kernel (Azure) vulnerabilities2026-02-24
Ubuntu
Linux kernel (OEM) vulnerabilities2026-02-17
Ubuntu
Linux kernel (GCP) vulnerabilities2026-02-12
Ubuntu
Linux kernel vulnerabilities2026-02-12
Red Hat
kernel: blk-throttle: fix access race during throttle policy activation2025-11-12