CVE-2025-40108
Vulnerability Scoring
Analysis In Progress
CVE-2025-40108 Vulnerability Analysis & Exploit Details
CVE-2025-40108
Attack Complexity Details
-
Attack Complexity:
Attack Complexity Analysis In Progress
-
Attack Vector:
Attack Vector Under Analysis
-
Privileges Required:
None
No authentication is required for exploitation.
-
Scope:
Impact is confined to the initially vulnerable component.
-
User Interaction:
None
No user interaction is necessary for exploitation.
CVE-2025-40108 Details
Status: Received on 09 Nov 2025, 05:15 UTC
Published on: 09 Nov 2025, 05:15 UTC
CVSS Release:
CVE-2025-40108 Vulnerability Summary
CVE-2025-40108: In the Linux kernel, the following vulnerability has been resolved: serial: qcom-geni: Fix blocked task Revert commit 1afa70632c39 ("serial: qcom-geni: Enable PM runtime for serial driver") and its dependent commit 86fa39dd6fb7 ("serial: qcom-geni: Enable Serial on SA8255p Qualcomm platforms") because the first one causes regression - hang task on Qualcomm RB1 board (QRB2210) and unable to use serial at all during normal boot: INFO: task kworker/u16:0:12 blocked for more than 42 seconds. Not tainted 6.17.0-rc1-00004-g53e760d89498 #9 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u16:0 state:D stack:0 pid:12 tgid:12 ppid:2 task_flags:0x4208060 flags:0x00000010 Workqueue: async async_run_entry_fn Call trace: __switch_to+0xe8/0x1a0 (T) __schedule+0x290/0x7c0 schedule+0x34/0x118 rpm_resume+0x14c/0x66c rpm_resume+0x2a4/0x66c rpm_resume+0x2a4/0x66c rpm_resume+0x2a4/0x66c __pm_runtime_resume+0x50/0x9c __driver_probe_device+0x58/0x120 driver_probe_device+0x3c/0x154 __driver_attach_async_helper+0x4c/0xc0 async_run_entry_fn+0x34/0xe0 process_one_work+0x148/0x290 worker_thread+0x2c4/0x3e0 kthread+0x118/0x1c0 ret_from_fork+0x10/0x20 The issue was reported on 12th of August and was ignored by author of commits introducing issue for two weeks. Only after complaining author produced a fix which did not work, so if original commits cannot be reliably fixed for 5 weeks, they obviously are buggy and need to be dropped.
Assessing the Risk of CVE-2025-40108
Access Complexity Graph
The exploitability of CVE-2025-40108 depends on two key factors: attack complexity (the level of effort required to execute an exploit) and privileges required (the access level an attacker needs).
Exploitability Analysis for CVE-2025-40108
No exploitability data is available for CVE-2025-40108.
Understanding AC and PR
A lower complexity and fewer privilege requirements make exploitation easier. Security teams should evaluate these aspects to determine the urgency of mitigation strategies, such as patch management and access control policies.
Attack Complexity (AC) measures the difficulty in executing an exploit. A high AC means that specific conditions must be met, making an attack more challenging, while a low AC means the vulnerability can be exploited with minimal effort.
Privileges Required (PR) determine the level of system access necessary for an attack. Vulnerabilities requiring no privileges are more accessible to attackers, whereas high privilege requirements limit exploitation to authorized users with elevated access.
CVSS Score Breakdown Chart
Above is the CVSS Sub-score Breakdown for CVE-2025-40108, illustrating how Base, Impact, and Exploitability factors combine to form the overall severity rating. A higher sub-score typically indicates a more severe or easier-to-exploit vulnerability.
CIA Impact Analysis
Below is the Impact Analysis for CVE-2025-40108, showing how Confidentiality, Integrity, and Availability might be affected if the vulnerability is exploited. Higher values usually signal greater potential damage.
-
Confidentiality:
None
CVE-2025-40108 does not compromise confidentiality.
-
Integrity:
None
CVE-2025-40108 does not impact data integrity.
-
Availability:
None
CVE-2025-40108 does not affect system availability.
CVE-2025-40108 References
External References
- https://git.kernel.org/stable/c/1e810d81769e16637bcd845ba37fbc1eba5d4bd2
- https://git.kernel.org/stable/c/a699213d4e6ef4286348c6439837990f121e0c03
CWE Common Weakness Enumeration
Unknown
Protect Your Infrastructure against CVE-2025-40108: Combat Critical CVE Threats
Stay updated with real-time CVE vulnerabilities and take action to secure your systems. Enhance your cybersecurity posture with the latest threat intelligence and mitigation techniques. Develop the skills necessary to defend against CVEs and secure critical infrastructures. Join the top cybersecurity professionals safeguarding today's infrastructures.
Other 5 Recently Published CVEs Vulnerabilities
- CVE-2025-40109 – In the Linux kernel, the following vulnerability has been resolved: crypto: rng - Ensure set_ent is always present Ensure that set_ent is always ...
- CVE-2025-40108 – In the Linux kernel, the following vulnerability has been resolved: serial: qcom-geni: Fix blocked task Revert commit 1afa70632c39 ("serial: qcom...
- CVE-2025-12916 – A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fo...
- CVE-2025-12915 – A vulnerability was found in 70mai X200 up to 20251019. This issue affects some unknown processing of the component Init Script Handler. The manipu...
- CVE-2025-12914 – A vulnerability has been found in aaPanel BaoTa up to 11.1.0. This vulnerability affects unknown code of the file /database?action=GetDatabaseAcces...