CVE-2025-40034: 
Linux Kernel vulnerability analysis and mitigation

A NULL pointer dereference vulnerability was discovered in the Linux kernel's PCI/AER (Advanced Error Reporting) functionality, specifically in the aer_ratelimit() function. The vulnerability was disclosed on October 28, 2025. This issue affects the Linux kernel when platform firmware supplies error information to the OS through the ACPI APEI GHES mechanism (NVD, RedHat).

The vulnerability occurs when platform firmware identifies an error source device that doesn't advertise an AER Capability, resulting in dev->aerinfo being NULL. While pcidevaerstatsincr() includes a NULL check for dev->aerinfo, the aer_ratelimit() function did not implement this check, leading to NULL pointer dereferences. The issue specifically affects Intel 'Sky Lake-E DMI3 Registers' devices that claim to be Root Ports but do not advertise an AER Capability. The vulnerability has been assigned a CVSS v3.1 score of 7.0 (HIGH) with vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (RedHat).

When exploited, this vulnerability can lead to a kernel NULL pointer dereference, potentially resulting in a system crash or denial of service condition. The impact is particularly relevant when the system processes hardware error information through the ACPI APEI GHES mechanism (NVD).

The vulnerability has been patched by adding a NULL check in the aerratelimit() function. The fix prevents NULL pointer dereference by validating dev->aerinfo before access. Note that this also affects the ratelimiting of events from GHES (NVD).