CVE-2025-40296Double Free in Linux

15 documents6 sources
Severity
N/A
No vector
EPSS
0.0%
top 89.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 8
Latest updateFeb 24

Description

In the Linux kernel, the following vulnerability has been resolved: platform/x86: int3472: Fix double free of GPIO device during unregister regulator_unregister() already frees the associated GPIO device. On ThinkPad X9 (Lunar Lake), this causes a double free issue that leads to random failures when other drivers (typically Intel THC) attempt to allocate interrupts. The root cause is that the reference count of the pinctrl_intel_platform module unexpectedly drops to zero when this driver defer

Affected Packages5 packages

Linuxlinux/linux_kernel6.16.06.17.8
Debianlinux/linux_kernel< 6.17.8-1
Ubuntulinux/linux_kernel< 6.17.0-14.14
CVEListV5linux/linux1e5d088a52c207bcef6a43a6f6ffe162c514ed64b8113bb56c45bd17bac5144b55591f9cdbd6aabe+2
debiandebian/linux< linux 6.17.8-1 (forky)

🔴Vulnerability Details

8
OSV
linux-azure vulnerabilities2026-02-24
OSV
linux-oem-6.17 vulnerabilities2026-02-17
OSV
linux-aws, linux-oracle vulnerabilities2026-02-17
OSV
linux-gcp vulnerabilities2026-02-12
OSV
linux, linux-raspi, linux-realtime vulnerabilities2026-02-12

📋Vendor Advisories

6
Ubuntu
Linux kernel (Azure) vulnerabilities2026-02-24
Ubuntu
Linux kernel (OEM) vulnerabilities2026-02-17
Ubuntu
Linux kernel (GCP) vulnerabilities2026-02-12
Ubuntu
Linux kernel vulnerabilities2026-02-12
Red Hat
kernel: platform/x86: int3472: Fix double free of GPIO device during unregister2025-12-08