GHSA-394X-FQ64-JQF6
Vulnerability from github – Published: 2025-11-03 15:30 – Updated: 2025-11-03 15:30In the Linux kernel, the following vulnerability has been resolved:
can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled
This issue is similar to the vulnerability in the mcp251x driver,
which was fixed in commit 03c427147b2d ("can: mcp251x: fix resume from
sleep before interface was brought up").
In the hi311x driver, when the device resumes from sleep, the driver
schedules priv->restart_work. However, if the network interface was
not previously enabled, the priv->wq (workqueue) is not allocated and
initialized, leading to a null pointer dereference.
To fix this, we move the allocation and initialization of the workqueue
from the hi3110_open function to the hi3110_can_probe function.
This ensures that the workqueue is properly initialized before it is
used during device resume. And added logic to destroy the workqueue
in the error handling paths of hi3110_can_probe and in the
hi3110_can_remove function to prevent resource leaks.
{
"affected": [],
"aliases": [
"CVE-2025-40107"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-03T13:15:36Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled\n\nThis issue is similar to the vulnerability in the `mcp251x` driver,\nwhich was fixed in commit 03c427147b2d (\"can: mcp251x: fix resume from\nsleep before interface was brought up\").\n\nIn the `hi311x` driver, when the device resumes from sleep, the driver\nschedules `priv-\u003erestart_work`. However, if the network interface was\nnot previously enabled, the `priv-\u003ewq` (workqueue) is not allocated and\ninitialized, leading to a null pointer dereference.\n\nTo fix this, we move the allocation and initialization of the workqueue\nfrom the `hi3110_open` function to the `hi3110_can_probe` function.\nThis ensures that the workqueue is properly initialized before it is\nused during device resume. And added logic to destroy the workqueue\nin the error handling paths of `hi3110_can_probe` and in the\n`hi3110_can_remove` function to prevent resource leaks.",
"id": "GHSA-394x-fq64-jqf6",
"modified": "2025-11-03T15:30:29Z",
"published": "2025-11-03T15:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40107"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1d2ef21f02baff0c109ad78b9e835fb4acb14533"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6b696808472197b77b888f50bc789a3bae077743"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d1fc4c041459e2d4856c1b2501486ba4f0cbf96b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e93af787187e585933570563c643337fa731584a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fd00cf38fd437c979f0e5905e3ebdfc3f55a4b96"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.