Linux Kernel accel/qaic Race Condition in bootlog Init
CVE-2025-40177 Published on November 12, 2025
accel/qaic: Fix bootlog initialization ordering
In the Linux kernel, the following vulnerability has been resolved:
accel/qaic: Fix bootlog initialization ordering
As soon as we queue MHI buffers to receive the bootlog from the device,
we could be receiving data. Therefore all the resources needed to
process that data need to be setup prior to queuing the buffers.
We currently initialize some of the resources after queuing the buffers
which creates a race between the probe() and any data that comes back
from the device. If the uninitialized resources are accessed, we could
see page faults.
Fix the init ordering to close the race.
Products Associated with CVE-2025-40177
stack.watch emails you whenever new vulnerabilities are published in Linux Kernel or Canonical Ubuntu Linux. Just hit a watch button to start following.
Affected Versions
Linux:- Version 5f8df5c6def641c164ed1b673d47a41fdd0013f8 and below 646868e6962b14e25ae7462fdd1fb061b40c1f16 is affected.
- Version 5f8df5c6def641c164ed1b673d47a41fdd0013f8 and below 48814afc7372f96a9584125c8508dffc88d1d378 is affected.
- Version 5f8df5c6def641c164ed1b673d47a41fdd0013f8 and below fd6e385528d8f85993b7bfc6430576136bb14c65 is affected.
- Version 6.10 is affected.
- Before 6.10 is unaffected.
- Version 6.12.55, <= 6.12.* is unaffected.
- Version 6.17.5, <= 6.17.* is unaffected.
- Version 6.18, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.