CVE-2025-40296 in Linux
Summary
by MITRE • 12/08/2025
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: int3472: Fix double free of GPIO device during unregister
regulator_unregister() already frees the associated GPIO device. On ThinkPad X9 (Lunar Lake), this causes a double free issue that leads to random failures when other drivers (typically Intel THC) attempt to allocate interrupts. The root cause is that the reference count of the pinctrl_intel_platform module unexpectedly drops to zero when this driver defers its probe.
This behavior can also be reproduced by unloading the module directly.
Fix the issue by removing the redundant release of the GPIO device during regulator unregistration.
Analysis
by VulDB Data Team • 02/23/2026
The vulnerability described in CVE-2025-40296 represents a critical double free condition within the Linux kernel's platform x86 subsystem, specifically affecting the int3472 driver implementation. This issue manifests in ThinkPad X9 devices equipped with Lunar Lake processors, where the regulator_unregister() path leads to a double free operation on GPIO devices during the unregister process. The flaw stems from improper resource management: the GPIO device is released twice, once by regulator_unregister() and again by the driver's cleanup routine, creating a memory corruption scenario that can lead to system instability and potential exploitation. The vulnerability is classified under CWE-415 as a double free condition, which represents a well-known memory safety issue that can be leveraged by attackers to execute arbitrary code or cause denial of service conditions.
The technical implementation of this vulnerability involves the pinctrl_intel_platform module, whose reference count unexpectedly drops to zero during driver probe deferral operations. This specific behavior creates a race condition where the GPIO device structure becomes prematurely freed while other subsystems like Intel THC drivers attempt to allocate interrupts, resulting in memory corruption that manifests as random system failures. The double free condition is particularly dangerous because it allows attackers to manipulate the freed memory space and potentially overwrite critical kernel data structures, making this vulnerability exploitable under certain conditions. The issue is further exacerbated by the fact that the same problem can be reproduced through direct module unloading, indicating that the root cause lies in the fundamental design of how GPIO resources are managed during driver lifecycle operations.
The operational impact of this vulnerability extends beyond simple system instability to include potential security implications for embedded systems and enterprise deployments where ThinkPad X9 devices are utilized. When the double free occurs, the memory corruption can cause the kernel to crash or behave unpredictably, leading to service interruptions that may be difficult to diagnose due to the random nature of the failures. The interference with interrupt allocation by Intel THC drivers creates a cascading effect that can compromise the entire system's ability to handle hardware interrupts properly, potentially affecting device functionality and system responsiveness. Under ATT&CK technique T1068 (Exploitation for Privilege Escalation), this vulnerability could be leveraged to escalate privileges or gain unauthorized access to system resources, as memory corruption vulnerabilities often provide attackers with opportunities to manipulate kernel memory and execute malicious code.
The fix for CVE-2025-40296 involves removing the redundant GPIO device release operation that occurs during regulator unregistration, ensuring that the GPIO device is freed only once by the regulator_unregister() function. This approach aligns with proper resource management principles and eliminates the double free condition that was causing the memory corruption. System administrators should prioritize applying this kernel patch to all affected ThinkPad X9 devices running Lunar Lake processors to prevent potential exploitation. The mitigation strategy should also include monitoring for unusual system crashes or memory allocation failures that might indicate the vulnerability is still present in unpatched systems. Regular kernel updates and proper security patch management are essential to protect against similar vulnerabilities that could arise from improper resource handling in kernel subsystems. Organizations using these specific hardware platforms should implement comprehensive testing procedures to verify that the patch resolves the double free condition without introducing regressions in system functionality.
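The ownership error and its fix, as a small userspace model added here for illustration; it is not kernel code and not the upstream patch. All `model_*`, `driver_unregister_*` and `refs_after_teardown` names are hypothetical, and the "unrelated consumer" is an assumed stand-in for another driver that still holds a GPIO from the same provider.

```c
/* Userspace model of the double release; constructed for illustration, not kernel code. */
#include <stdio.h>

struct provider  { int refs; };            /* models the GPIO provider module's refcount */
struct gpio      { struct provider *p; };  /* one GPIO handed out by that provider */
struct regulator { struct gpio *ena; };    /* regulator that owns its enable GPIO */

/* Taking a GPIO pins the provider with one reference. */
static void model_gpio_get(struct gpio *g, struct provider *p) { g->p = p; p->refs++; }

/* Raw release: drops one provider reference, with no "already released" guard. */
static void model_gpio_put(struct gpio *g) { g->p->refs--; }

/* Models the advisory's statement: unregistering the regulator already frees its GPIO. */
static void model_regulator_unregister(struct regulator *r) { model_gpio_put(r->ena); }

/* Driver teardown before the fix: unregister, then a redundant release. */
static void driver_unregister_buggy(struct regulator *r)
{
    model_regulator_unregister(r);
    model_gpio_put(r->ena);                /* second release of the same GPIO */
}

/* Driver teardown after the fix: the regulator core is the only releaser. */
static void driver_unregister_fixed(struct regulator *r)
{
    model_regulator_unregister(r);
}

/* Provider refcount left after teardown while an unrelated consumer still holds a GPIO. */
static int refs_after_teardown(int buggy)
{
    struct provider pinctrl = { 0 };
    struct gpio other, ena;
    struct regulator reg = { &ena };

    model_gpio_get(&other, &pinctrl);      /* unrelated consumer, still active */
    model_gpio_get(&ena, &pinctrl);        /* this driver's enable GPIO */
    if (buggy)
        driver_unregister_buggy(&reg);
    else
        driver_unregister_fixed(&reg);
    return pinctrl.refs;                   /* correct value is 1: the other consumer's reference */
}

int main(void)
{
    printf("fixed teardown: provider refs = %d\n", refs_after_teardown(0));
    printf("buggy teardown: provider refs = %d\n", refs_after_teardown(1));
    return 0;
}
```

In the buggy path the extra release consumes the reference that belongs to the unrelated consumer, so the provider count reaches zero while it is still in use, which is the symptom the summary reports for pinctrl_intel_platform.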