CVE-2025-40076

28.10.2025, 12:15

In the Linux kernel, the following vulnerability has been resolved:

PCI: rcar-host: Pass proper IRQ domain to generic_handle_domain_irq()

Starting with commit dd26c1a23fd5 ("PCI: rcar-host: Switch to
msi_create_parent_irq_domain()"), the MSI parent IRQ domain is NULL because
the object of type struct irq_domain_info passed to:

msi_create_parent_irq_domain() ->
  irq_domain_instantiate()() ->
    __irq_domain_instantiate()

has no reference to the parent IRQ domain. Using msi->domain->parent as an
argument for generic_handle_domain_irq() leads to below error:

	"Unable to handle kernel NULL pointer dereference at virtual address"

This error was identified while switching the upcoming RZ/G3S PCIe host
controller driver to msi_create_parent_irq_domain() (which was using a
similar pattern to handle MSIs (see link section)), but it was not tested
on hardware using the pcie-rcar-host controller driver due to lack of
hardware.

[mani: reworded subject and description]

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
bullseye (security)	5.10.244-1 fixed
bookworm	6.1.148-1 fixed
bookworm (security)	6.1.153-1 fixed
trixie	6.12.43-1 fixed
trixie (security)	6.12.48-1 fixed
forky	6.16.12-2 fixed
sid	6.16.12-2 fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um beliebigen Code auszuführen, privilegierten Zugriff zu erlangen, sensible Informationen zu stehlen oder betroffene Systeme funktionsunfähig zu machen.
Published: 2025-10-28T23:00:00+00:00

References

https://git.kernel.org/stable/c/d3fee10e40a938331e2aae34348691136db31304

https://git.kernel.org/stable/c/e8e21aaf5d34015901cd271053a67a62b4204526