{"id":"CVE-2025-40034","summary":"PCI/AER: Avoid NULL pointer dereference in aer_ratelimit()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/AER: Avoid NULL pointer dereference in aer_ratelimit()\n\nWhen platform firmware supplies error information to the OS, e.g., via the\nACPI APEI GHES mechanism, it may identify an error source device that\ndoesn't advertise an AER Capability and therefore dev-\u003eaer_info, which\ncontains AER stats and ratelimiting data, is NULL.\n\npci_dev_aer_stats_incr() already checks dev-\u003eaer_info for NULL, but\naer_ratelimit() did not, leading to NULL pointer dereferences like this one\nfrom the URL below:\n\n  {1}[Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 0\n  {1}[Hardware Error]: event severity: corrected\n  {1}[Hardware Error]:   device_id: 0000:00:00.0\n  {1}[Hardware Error]:   vendor_id: 0x8086, device_id: 0x2020\n  {1}[Hardware Error]:   aer_cor_status: 0x00001000, aer_cor_mask: 0x00002000\n  BUG: kernel NULL pointer dereference, address: 0000000000000264\n  RIP: 0010:___ratelimit+0xc/0x1b0\n  pci_print_aer+0x141/0x360\n  aer_recover_work_func+0xb5/0x130\n\n[8086:2020] is an Intel \"Sky Lake-E DMI3 Registers\" device that claims to\nbe a Root Port but does not advertise an AER Capability.\n\nAdd a NULL check in aer_ratelimit() to avoid the NULL pointer dereference.\nNote that this also prevents ratelimiting these events from GHES.\n\n[bhelgaas: add crash details to commit log]","modified":"2026-04-02T12:48:15.700738Z","published":"2025-10-28T11:48:16.335Z","related":["openSUSE-SU-2025:15702-1","openSUSE-SU-2026:10301-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40034.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/41683624cbff0a26bb7e0627f4a7e1b51a8779a8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/deb2f228388ff3a9d0623e3b59a053e9235c341d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40034.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40034"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a57f2bfb4a5863f83087867c0e671f2418212d23"},{"fixed":"41683624cbff0a26bb7e0627f4a7e1b51a8779a8"},{"fixed":"deb2f228388ff3a9d0623e3b59a053e9235c341d"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40034.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.16.0"},{"fixed":"6.17.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40034.json"}}],"schema_version":"1.7.5"}