fkie_cve-2025-40177
Vulnerability from fkie_nvd
Published
2025-11-12 11:15
Modified
2025-11-12 16:19
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix bootlog initialization ordering As soon as we queue MHI buffers to receive the bootlog from the device, we could be receiving data. Therefore all the resources needed to process that data need to be setup prior to queuing the buffers. We currently initialize some of the resources after queuing the buffers which creates a race between the probe() and any data that comes back from the device. If the uninitialized resources are accessed, we could see page faults. Fix the init ordering to close the race.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/48814afc7372f96a9584125c8508dffc88d1d378
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/646868e6962b14e25ae7462fdd1fb061b40c1f16
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/fd6e385528d8f85993b7bfc6430576136bb14c65
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Fix bootlog initialization ordering\n\nAs soon as we queue MHI buffers to receive the bootlog from the device,\nwe could be receiving data. Therefore all the resources needed to\nprocess that data need to be setup prior to queuing the buffers.\n\nWe currently initialize some of the resources after queuing the buffers\nwhich creates a race between the probe() and any data that comes back\nfrom the device. If the uninitialized resources are accessed, we could\nsee page faults.\n\nFix the init ordering to close the race."
    }
  ],
  "id": "CVE-2025-40177",
  "lastModified": "2025-11-12T16:19:12.850",
  "metrics": {},
  "published": "2025-11-12T11:15:48.253",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/48814afc7372f96a9584125c8508dffc88d1d378"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/646868e6962b14e25ae7462fdd1fb061b40c1f16"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/fd6e385528d8f85993b7bfc6430576136bb14c65"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.