Description

In the Linux kernel, the following vulnerability has been resolved: platform/x86: int3472: Fix double free of GPIO device during unregister regulator_unregister() already frees the associated GPIO device. On ThinkPad X9 (Lunar Lake), this causes a double free issue that leads to random failures when other drivers (typically Intel THC) attempt to allocate interrupts. The root cause is that the reference count of the pinctrl_intel_platform module unexpectedly drops to zero when this driver defers its probe. This behavior can also be reproduced by unloading the module directly. Fix the issue by removing the redundant release of the GPIO device during regulator unregistration.

INFO

Published Date :

2025-12-08T00:46:20.017Z

Last Modified :

2025-12-08T00:46:20.017Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-40296 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-40296.

URL Resource
https://git.kernel.org/stable/c/b8113bb56c45bd17bac5144b55591f9cdbd6aabe cve-icon cve-icon
https://git.kernel.org/stable/c/f0f7a3f542c1698edb69075f25a3f846207facba cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025120818-CVE-2025-40296-0769@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-40296 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-40296 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact