fkie_cve-2025-40076
Vulnerability from fkie_nvd
Published
2025-10-28 12:15
Modified
2025-10-30 15:05
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: PCI: rcar-host: Pass proper IRQ domain to generic_handle_domain_irq() Starting with commit dd26c1a23fd5 ("PCI: rcar-host: Switch to msi_create_parent_irq_domain()"), the MSI parent IRQ domain is NULL because the object of type struct irq_domain_info passed to: msi_create_parent_irq_domain() -> irq_domain_instantiate()() -> __irq_domain_instantiate() has no reference to the parent IRQ domain. Using msi->domain->parent as an argument for generic_handle_domain_irq() leads to below error: "Unable to handle kernel NULL pointer dereference at virtual address" This error was identified while switching the upcoming RZ/G3S PCIe host controller driver to msi_create_parent_irq_domain() (which was using a similar pattern to handle MSIs (see link section)), but it was not tested on hardware using the pcie-rcar-host controller driver due to lack of hardware. [mani: reworded subject and description]
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d3fee10e40a938331e2aae34348691136db31304
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e8e21aaf5d34015901cd271053a67a62b4204526
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: rcar-host: Pass proper IRQ domain to generic_handle_domain_irq()\n\nStarting with commit dd26c1a23fd5 (\"PCI: rcar-host: Switch to\nmsi_create_parent_irq_domain()\"), the MSI parent IRQ domain is NULL because\nthe object of type struct irq_domain_info passed to:\n\nmsi_create_parent_irq_domain() -\u003e\n  irq_domain_instantiate()() -\u003e\n    __irq_domain_instantiate()\n\nhas no reference to the parent IRQ domain. Using msi-\u003edomain-\u003eparent as an\nargument for generic_handle_domain_irq() leads to below error:\n\n\t\"Unable to handle kernel NULL pointer dereference at virtual address\"\n\nThis error was identified while switching the upcoming RZ/G3S PCIe host\ncontroller driver to msi_create_parent_irq_domain() (which was using a\nsimilar pattern to handle MSIs (see link section)), but it was not tested\non hardware using the pcie-rcar-host controller driver due to lack of\nhardware.\n\n[mani: reworded subject and description]"
    }
  ],
  "id": "CVE-2025-40076",
  "lastModified": "2025-10-30T15:05:32.197",
  "metrics": {},
  "published": "2025-10-28T12:15:42.160",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d3fee10e40a938331e2aae34348691136db31304"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e8e21aaf5d34015901cd271053a67a62b4204526"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.