CVE-2025-40197Use of Uninitialized Resource in Linux

CWE-908Use of Uninitialized Resource7 documents6 sources
Severity
4.7MEDIUM
No vector
EPSS
0.0%
top 87.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedNov 12
Latest updateNov 13

Description

In the Linux kernel, the following vulnerability has been resolved: media: mc: Clear minor number before put device The device minor should not be cleared after the device is released.

Affected Packages6 packages

Linuxlinux/linux_kernel5.5.05.10.246+6
Debianlinux/linux_kernel< 5.10.247-1+3
CVEListV5linux/linux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2dd156f44ea82cc249f46c519eed3b2f8983c8002+7
debiandebian/linux< linux 6.1.158-1 (bookworm)

🔴Vulnerability Details

3
GHSA
GHSA-qcmj-qqpx-xfgc: In the Linux kernel, the following vulnerability has been resolved: media: mc: Clear minor number before put device The device minor should not be c2025-11-13
OSV
media: mc: Clear minor number before put device2025-11-12
OSV
CVE-2025-40197: In the Linux kernel, the following vulnerability has been resolved: media: mc: Clear minor number before put device The device minor should not be cle2025-11-12

📋Vendor Advisories

3
Red Hat
kernel: media: mc: Clear minor number before put device2025-11-12
Microsoft
media: mc: Clear minor number before put device2025-11-11
Debian
CVE-2025-40197: linux - In the Linux kernel, the following vulnerability has been resolved: media: mc: ...2025