{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-40070","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T07:20:57.159Z","datePublished":"2025-10-28T11:48:38.838Z","dateUpdated":"2026-05-11T21:41:54.227Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:41:54.227Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npps: fix warning in pps_register_cdev when register device fail\n\nSimilar to previous commit 2a934fdb01db (\"media: v4l2-dev: fix error\nhandling in __video_register_device()\"), the release hook should be set\nbefore device_register(). Otherwise, when device_register() return error\nand put_device() try to callback the release function, the below warning\nmay happen.\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 1 PID: 4760 at drivers/base/core.c:2567 device_release+0x1bd/0x240 drivers/base/core.c:2567\n  Modules linked in:\n  CPU: 1 UID: 0 PID: 4760 Comm: syz.4.914 Not tainted 6.17.0-rc3+ #1 NONE\n  RIP: 0010:device_release+0x1bd/0x240 drivers/base/core.c:2567\n  Call Trace:\n   <TASK>\n   kobject_cleanup+0x136/0x410 lib/kobject.c:689\n   kobject_release lib/kobject.c:720 [inline]\n   kref_put include/linux/kref.h:65 [inline]\n   kobject_put+0xe9/0x130 lib/kobject.c:737\n   put_device+0x24/0x30 drivers/base/core.c:3797\n   pps_register_cdev+0x2da/0x370 drivers/pps/pps.c:402\n   pps_register_source+0x2f6/0x480 drivers/pps/kapi.c:108\n   pps_tty_open+0x190/0x310 drivers/pps/clients/pps-ldisc.c:57\n   tty_ldisc_open+0xa7/0x120 drivers/tty/tty_ldisc.c:432\n   tty_set_ldisc+0x333/0x780 drivers/tty/tty_ldisc.c:563\n   tiocsetd drivers/tty/tty_io.c:2429 [inline]\n   tty_ioctl+0x5d1/0x1700 drivers/tty/tty_io.c:2728\n   vfs_ioctl fs/ioctl.c:51 [inline]\n   __do_sys_ioctl fs/ioctl.c:598 [inline]\n   __se_sys_ioctl fs/ioctl.c:584 [inline]\n   __x64_sys_ioctl+0x194/0x210 fs/ioctl.c:584\n   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n   do_syscall_64+0x5f/0x2a0 arch/x86/entry/syscall_64.c:94\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n   </TASK>\n\nBefore commit c79a39dc8d06 (\"pps: Fix a use-after-free\"),\npps_register_cdev() call device_create() to create pps->dev, which will\ninit dev->release to device_create_release(). Now the comment is outdated,\njust remove it.\n\nThanks for the reminder from Calvin Owens, 'kfree_pps' should be removed\nin pps_register_source() to avoid a double free in the failure case."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/pps/kapi.c","drivers/pps/pps.c"],"versions":[{"version":"785c78ed0d39d1717cca3ef931d3e51337b5e90e","lessThan":"38c7bb10aae5118dd48fa7a82f7bf93839bcc320","status":"affected","versionType":"git"},{"version":"1a7735ab2cb9747518a7416fb5929e85442dec62","lessThan":"2a194707ca27a3b0523023fa8b446e5ec922dc51","status":"affected","versionType":"git"},{"version":"c4041b6b0a7a3def8cf3f3d6120ff337bc4c40f7","lessThan":"125527db41805693208ee1aacd7f3ffe6a3a489c","status":"affected","versionType":"git"},{"version":"91932db1d96b2952299ce30c1c693d834d10ace6","lessThan":"4cbd7450a22c5ee4842fc4175ad06c0c82ea53a8","status":"affected","versionType":"git"},{"version":"cd3bbcb6b3a7caa5ce67de76723b6d8531fb7f64","lessThan":"cf71834a0cfc394c72d62fd6dbb470ee13cf8f5e","status":"affected","versionType":"git"},{"version":"7e5ee3281dc09014367f5112b6d566ba36ea2d49","lessThan":"f01fa3588e0b3cb1540f56d2c6bd99e5b3810234","status":"affected","versionType":"git"},{"version":"c79a39dc8d060b9e64e8b0fa9d245d44befeefbe","lessThan":"0f97564a1fb62f34b3b498e2f12caffbe99c004a","status":"affected","versionType":"git"},{"version":"c79a39dc8d060b9e64e8b0fa9d245d44befeefbe","lessThan":"b0531cdba5029f897da5156815e3bdafe1e9b88d","status":"affected","versionType":"git"},{"version":"85241f7de216f8298f6e48540ea13d7dcd100870","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/pps/kapi.c","drivers/pps/pps.c"],"versions":[{"version":"6.14","status":"affected"},{"version":"0","lessThan":"6.14","status":"unaffected","versionType":"semver"},{"version":"5.4.301","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.246","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.195","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.156","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.112","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.53","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.3","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.291","versionEndExcluding":"5.4.301"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.235","versionEndExcluding":"5.10.246"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.179","versionEndExcluding":"5.15.195"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.129","versionEndExcluding":"6.1.156"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.76","versionEndExcluding":"6.6.112"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.13","versionEndExcluding":"6.12.53"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.17.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/38c7bb10aae5118dd48fa7a82f7bf93839bcc320"},{"url":"https://git.kernel.org/stable/c/2a194707ca27a3b0523023fa8b446e5ec922dc51"},{"url":"https://git.kernel.org/stable/c/125527db41805693208ee1aacd7f3ffe6a3a489c"},{"url":"https://git.kernel.org/stable/c/4cbd7450a22c5ee4842fc4175ad06c0c82ea53a8"},{"url":"https://git.kernel.org/stable/c/cf71834a0cfc394c72d62fd6dbb470ee13cf8f5e"},{"url":"https://git.kernel.org/stable/c/f01fa3588e0b3cb1540f56d2c6bd99e5b3810234"},{"url":"https://git.kernel.org/stable/c/0f97564a1fb62f34b3b498e2f12caffbe99c004a"},{"url":"https://git.kernel.org/stable/c/b0531cdba5029f897da5156815e3bdafe1e9b88d"}],"title":"pps: fix warning in pps_register_cdev when register device fail","x_generator":{"engine":"bippy-1.2.0"}}}}