{"id":"CVE-2025-40070","summary":"pps: fix warning in pps_register_cdev when register device fail","details":"In the Linux kernel, the following vulnerability has been resolved:\n\npps: fix warning in pps_register_cdev when register device fail\n\nSimilar to previous commit 2a934fdb01db (\"media: v4l2-dev: fix error\nhandling in __video_register_device()\"), the release hook should be set\nbefore device_register(). Otherwise, when device_register() return error\nand put_device() try to callback the release function, the below warning\nmay happen.\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 1 PID: 4760 at drivers/base/core.c:2567 device_release+0x1bd/0x240 drivers/base/core.c:2567\n  Modules linked in:\n  CPU: 1 UID: 0 PID: 4760 Comm: syz.4.914 Not tainted 6.17.0-rc3+ #1 NONE\n  RIP: 0010:device_release+0x1bd/0x240 drivers/base/core.c:2567\n  Call Trace:\n   \u003cTASK\u003e\n   kobject_cleanup+0x136/0x410 lib/kobject.c:689\n   kobject_release lib/kobject.c:720 [inline]\n   kref_put include/linux/kref.h:65 [inline]\n   kobject_put+0xe9/0x130 lib/kobject.c:737\n   put_device+0x24/0x30 drivers/base/core.c:3797\n   pps_register_cdev+0x2da/0x370 drivers/pps/pps.c:402\n   pps_register_source+0x2f6/0x480 drivers/pps/kapi.c:108\n   pps_tty_open+0x190/0x310 drivers/pps/clients/pps-ldisc.c:57\n   tty_ldisc_open+0xa7/0x120 drivers/tty/tty_ldisc.c:432\n   tty_set_ldisc+0x333/0x780 drivers/tty/tty_ldisc.c:563\n   tiocsetd drivers/tty/tty_io.c:2429 [inline]\n   tty_ioctl+0x5d1/0x1700 drivers/tty/tty_io.c:2728\n   vfs_ioctl fs/ioctl.c:51 [inline]\n   __do_sys_ioctl fs/ioctl.c:598 [inline]\n   __se_sys_ioctl fs/ioctl.c:584 [inline]\n   __x64_sys_ioctl+0x194/0x210 fs/ioctl.c:584\n   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n   do_syscall_64+0x5f/0x2a0 arch/x86/entry/syscall_64.c:94\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n   \u003c/TASK\u003e\n\nBefore commit c79a39dc8d06 (\"pps: Fix a use-after-free\"),\npps_register_cdev() call device_create() to create pps-\u003edev, which will\ninit dev-\u003erelease to device_create_release(). Now the comment is outdated,\njust remove it.\n\nThanks for the reminder from Calvin Owens, 'kfree_pps' should be removed\nin pps_register_source() to avoid a double free in the failure case.","modified":"2026-04-16T04:32:21.792154372Z","published":"2025-10-28T11:48:38.838Z","related":["SUSE-SU-2025:4393-1","SUSE-SU-2025:4422-1","SUSE-SU-2025:4505-1","SUSE-SU-2025:4515-1","SUSE-SU-2025:4516-1","SUSE-SU-2025:4517-1","SUSE-SU-2025:4521-1","SUSE-SU-2026:20012-1","SUSE-SU-2026:20015-1","SUSE-SU-2026:20021-1","SUSE-SU-2026:20039-1","SUSE-SU-2026:20059-1","SUSE-SU-2026:20473-1","SUSE-SU-2026:20496-1","openSUSE-SU-2025:15702-1","openSUSE-SU-2025:20172-1","openSUSE-SU-2026:10301-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40070.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0f97564a1fb62f34b3b498e2f12caffbe99c004a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/125527db41805693208ee1aacd7f3ffe6a3a489c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2a194707ca27a3b0523023fa8b446e5ec922dc51"},{"type":"WEB","url":"https://git.kernel.org/stable/c/38c7bb10aae5118dd48fa7a82f7bf93839bcc320"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4cbd7450a22c5ee4842fc4175ad06c0c82ea53a8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b0531cdba5029f897da5156815e3bdafe1e9b88d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cf71834a0cfc394c72d62fd6dbb470ee13cf8f5e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f01fa3588e0b3cb1540f56d2c6bd99e5b3810234"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40070.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40070"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"785c78ed0d39d1717cca3ef931d3e51337b5e90e"},{"fixed":"38c7bb10aae5118dd48fa7a82f7bf93839bcc320"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1a7735ab2cb9747518a7416fb5929e85442dec62"},{"fixed":"2a194707ca27a3b0523023fa8b446e5ec922dc51"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c4041b6b0a7a3def8cf3f3d6120ff337bc4c40f7"},{"fixed":"125527db41805693208ee1aacd7f3ffe6a3a489c"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"91932db1d96b2952299ce30c1c693d834d10ace6"},{"fixed":"4cbd7450a22c5ee4842fc4175ad06c0c82ea53a8"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"cd3bbcb6b3a7caa5ce67de76723b6d8531fb7f64"},{"fixed":"cf71834a0cfc394c72d62fd6dbb470ee13cf8f5e"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7e5ee3281dc09014367f5112b6d566ba36ea2d49"},{"fixed":"f01fa3588e0b3cb1540f56d2c6bd99e5b3810234"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c79a39dc8d060b9e64e8b0fa9d245d44befeefbe"},{"fixed":"0f97564a1fb62f34b3b498e2f12caffbe99c004a"},{"fixed":"b0531cdba5029f897da5156815e3bdafe1e9b88d"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"85241f7de216f8298f6e48540ea13d7dcd100870"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40070.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.301"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.246"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.195"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.156"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.112"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.53"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40070.json"}}],"schema_version":"1.7.5"}