{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-40062","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T07:20:57.158Z","datePublished":"2025-10-28T11:48:33.961Z","dateUpdated":"2026-05-11T21:41:44.649Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:41:44.649Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs\n\nWhen the initialization of qm->debug.acc_diff_reg fails,\nthe probe process does not exit. However, after qm->debug.qm_diff_regs is\nfreed, it is not set to NULL. This can lead to a double free when the\nremove process attempts to free it again. Therefore, qm->debug.qm_diff_regs\nshould be set to NULL after it is freed."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/crypto/hisilicon/debugfs.c"],"versions":[{"version":"eda60520cfe3aba9f088c68ebd5bcbca9fc6ac3c","lessThan":"a7836260d5121949ba734e840d42a86ab4a32fcc","status":"affected","versionType":"git"},{"version":"7fc8d9a525b5c3f8dfa5ed50901e764d8ede7e1e","lessThan":"1750f1ec143ebabdbdfa013668665c9d5042c430","status":"affected","versionType":"git"},{"version":"8be0913389718e8d27c4f1d4537b5e1b99ed7739","lessThan":"a87a21a56244b8f4eb357f6bad879247005bbe38","status":"affected","versionType":"git"},{"version":"8be0913389718e8d27c4f1d4537b5e1b99ed7739","lessThan":"7226a0650ad5705bd8d39a11be270fa21ed1e6a5","status":"affected","versionType":"git"},{"version":"8be0913389718e8d27c4f1d4537b5e1b99ed7739","lessThan":"f0cafb02de883b3b413d34eb079c9680782a9cc1","status":"affected","versionType":"git"},{"version":"e0a2d2df9ba7bd6bd7e0a9b6a5e3894f7e8445b3","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/crypto/hisilicon/debugfs.c"],"versions":[{"version":"6.10","status":"affected"},{"version":"0","lessThan":"6.10","status":"unaffected","versionType":"semver"},{"version":"6.1.156","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.112","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.53","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.3","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.98","versionEndExcluding":"6.1.156"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.39","versionEndExcluding":"6.6.112"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.12.53"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.17.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a7836260d5121949ba734e840d42a86ab4a32fcc"},{"url":"https://git.kernel.org/stable/c/1750f1ec143ebabdbdfa013668665c9d5042c430"},{"url":"https://git.kernel.org/stable/c/a87a21a56244b8f4eb357f6bad879247005bbe38"},{"url":"https://git.kernel.org/stable/c/7226a0650ad5705bd8d39a11be270fa21ed1e6a5"},{"url":"https://git.kernel.org/stable/c/f0cafb02de883b3b413d34eb079c9680782a9cc1"}],"title":"crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs","x_generator":{"engine":"bippy-1.2.0"}}}}