CVE-2025-40152: 
Linux Ubuntu vulnerability analysis and mitigation

CVE-2025-40152 is a vulnerability discovered in the Linux kernel affecting the DRM (Direct Rendering Manager) MSM driver. The issue was disclosed on November 12, 2025, and involves an uninitialized access to drm_gem_obj.gpuva.list when the drm driver does not support the DRIVER_GEM_GPUVA feature (NVD).

The vulnerability occurs in the drm/msm component when the separate_gpu_drm modparam is set. Specifically, the drm_gem_for_each_gpuvm_bo() call from lookup_vma() attempts to access drm_gem_obj.gpuva.list, which is not properly initialized when the DRM driver lacks DRIVER_GEM_GPUVA feature support. This results in a kernel paging request failure at virtual address fffffffffffffff0, leading to a level 2 translation fault and subsequent system crash (NVD).

When exploited, this vulnerability causes a kernel panic (system crash) on affected systems, specifically when the msm.separate_gpu_drm=1 parameter is set. This results in a denial of service condition, making the system temporarily unavailable (NVD).

The vulnerability has been resolved by enabling the DRIVER_GEM_GPUVA feature for the msm_kms DRM driver. This fix properly initializes the required data structures when the separate_gpu_drm modparam is set (NVD).