CVE-2025-40062 in Linux
Summary
by MITRE • 10/28/2025
In the Linux kernel, the following vulnerability has been resolved:
crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs
When the initialization of qm->debug.acc_diff_reg fails, the probe process does not exit. However, after qm->debug.qm_diff_regs is freed, it is not set to NULL. This can lead to a double free when the remove process attempts to free it again. Therefore, qm->debug.qm_diff_regs should be set to NULL after it is freed.
Analysis
by VulDB Data Team • 05/20/2026
The vulnerability tracked as CVE-2025-40062 is a double free (CWE-415) in the Linux kernel's cryptographic subsystem, in the hisilicon/qm driver that manages the queue manager (QM) shared by HiSilicon's hardware accelerators. The bug sits in the driver's error handling during device probe. The driver allocates qm->debug.qm_diff_regs for its debug register diffs and then initializes qm->debug.acc_diff_reg; if that second initialization fails, the driver frees qm_diff_regs but neither aborts the probe nor clears the pointer, so the device comes up with qm->debug.qm_diff_regs still pointing at freed memory.
That dangling pointer is what turns an otherwise harmless error path into a memory-safety bug. When the device is later removed (driver unbind or module unload), the remove path frees qm->debug.qm_diff_regs a second time. Freeing the same kernel object twice corrupts the allocator's state, which typically surfaces as a crash and, in the general case, can give an attacker who controls the allocations made between the two frees a way to corrupt kernel memory. Both halves of the trigger are device-lifecycle events (a probe-time failure followed by a remove) rather than ordinary use of the crypto API, which narrows who can reach the condition. The fix is the standard one for this pattern: set the pointer to NULL immediately after freeing it, so the later kfree() becomes a no-op.
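The probe/remove sequence described above, as an added example that is not the kernel's code: a C model in which kmalloc()/kfree() are replaced by a small fixed-slot arena that detects a second free of the same object, run once with the pre-fix probe and once with the fixed one. The struct and function names (qm_debug, fake_kzalloc, fake_kfree, init_acc_diff_regs, probe_before_fix, probe_after_fix, remove_device, run_lifecycle) are hypothetical stand-ins chosen to mirror the commit message, not the driver's real identifiers.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the driver's debug state. The field names follow
 * the commit message; the struct itself is NOT the kernel's. */
struct qm_debug {
    void *qm_diff_regs;
    void *acc_diff_regs;
};

/* A tiny fixed-slot arena standing in for kmalloc()/kfree(). Slots are never
 * reused within one lifecycle, so freeing a pointer whose slot is already
 * marked freed is an unambiguous double free. A real allocator would corrupt
 * its freelist here (or, with SLUB debug / KASAN, report it). */
#define SLOTS 4
#define SLOT_SIZE 64
enum { SLOT_UNUSED = 0, SLOT_LIVE = 1, SLOT_FREED = 2 };
static unsigned char arena[SLOTS][SLOT_SIZE];
static int slot_state[SLOTS];
static int double_free_count;

static void arena_reset(void) {
    memset(slot_state, 0, sizeof slot_state);
    double_free_count = 0;
}

static void *fake_kzalloc(size_t n) {
    if (n > SLOT_SIZE) return NULL;
    for (int i = 0; i < SLOTS; i++) {
        if (slot_state[i] == SLOT_UNUSED) {
            slot_state[i] = SLOT_LIVE;
            memset(arena[i], 0, SLOT_SIZE);
            return arena[i];
        }
    }
    return NULL;
}

/* Like kfree(): NULL is a no-op. Returns 1 if this call was a double free. */
static int fake_kfree(void *p) {
    if (!p) return 0;
    for (int i = 0; i < SLOTS; i++) {
        if ((void *)arena[i] == p) {
            if (slot_state[i] == SLOT_FREED) {
                double_free_count++;
                return 1;
            }
            slot_state[i] = SLOT_FREED;
            return 0;
        }
    }
    return 0; /* not an arena pointer; ignore */
}

/* Hypothetical stand-in for the acc diff-regs initialization step. */
static int init_acc_diff_regs(struct qm_debug *dbg, int should_fail) {
    if (should_fail) return -1;
    dbg->acc_diff_regs = fake_kzalloc(SLOT_SIZE);
    return dbg->acc_diff_regs ? 0 : -1;
}

/* Probe as the commit message describes it before the fix: on acc init
 * failure qm_diff_regs is freed, the pointer is left dangling, and probe
 * carries on instead of exiting. */
static int probe_before_fix(struct qm_debug *dbg, int acc_init_fails) {
    dbg->qm_diff_regs = fake_kzalloc(SLOT_SIZE);
    if (!dbg->qm_diff_regs) return -1;
    if (init_acc_diff_regs(dbg, acc_init_fails)) {
        fake_kfree(dbg->qm_diff_regs);
        /* BUG: dbg->qm_diff_regs still points at freed memory */
    }
    return 0; /* probe does not exit */
}

/* Probe with the fix applied: the pointer is cleared right after the free. */
static int probe_after_fix(struct qm_debug *dbg, int acc_init_fails) {
    dbg->qm_diff_regs = fake_kzalloc(SLOT_SIZE);
    if (!dbg->qm_diff_regs) return -1;
    if (init_acc_diff_regs(dbg, acc_init_fails)) {
        fake_kfree(dbg->qm_diff_regs);
        dbg->qm_diff_regs = NULL; /* the fix */
    }
    return 0;
}

/* Remove path shared by both variants: frees whatever the debug state still
 * references. With a dangling qm_diff_regs this is the second free. */
static void remove_device(struct qm_debug *dbg) {
    fake_kfree(dbg->acc_diff_regs);
    dbg->acc_diff_regs = NULL;
    fake_kfree(dbg->qm_diff_regs);
    dbg->qm_diff_regs = NULL;
}

/* Runs one probe/remove lifecycle; returns how many double frees occurred. */
int run_lifecycle(int use_fix, int acc_init_fails) {
    struct qm_debug dbg = {0};
    arena_reset();
    if (use_fix) probe_after_fix(&dbg, acc_init_fails);
    else probe_before_fix(&dbg, acc_init_fails);
    remove_device(&dbg);
    return double_free_count;
}

int main(void) {
    printf("before fix, acc init fails: %d double free(s)\n", run_lifecycle(0, 1));
    printf("after fix,  acc init fails: %d double free(s)\n", run_lifecycle(1, 1));
    return 0;
}
```

Build and run with `cc -Wall -o qm_df qm_df.c && ./qm_df`. The arena deliberately never reuses a slot, which is what makes the second free detectable; on a real kernel the same sequence lands in kfree() with no such guard, and the outcome depends on allocator state, which is why the only robust remedy is the NULL assignment in the probe error path.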
The practical impact is kernel memory corruption on the affected host: at minimum a kernel crash (denial of service), and potentially, as with any kernel double free, a path to code execution with kernel privileges if the corruption can be shaped. Only systems with HiSilicon accelerators that load the qm driver are affected, typically ARM servers and embedded platforms that rely on hardware-accelerated cryptography. The weakness is classified as CWE-415 (Double Free).
Mitigation is to run a kernel that includes the fix, which sets qm->debug.qm_diff_regs to NULL after it is freed. Administrators can first check whether a host is in scope at all (lsmod will list hisi_qm where the driver is built as a module) and should confirm through their distribution's kernel changelog or advisory that CVE-2025-40062 is listed as fixed in the installed package, since backported fixes do not change the upstream version string reported by uname -r. On kernels built with SLUB debugging or KASAN, a second free of the same object is reported in the kernel log, which is the most direct signal if the error path is ever hit before patching. VulDB maps this issue to ATT&CK technique T1068 (Exploitation for Privilege Escalation). Custom or long-lived kernel builds that are not tracked by a distribution deserve particular attention, since they will not receive the fix through normal package updates.