CVE-2025-40296 | platform/x86: int3472: Fix double free of GPIO device during unregister

In the Linux kernel, the following vulnerability has been resolved: platform/x86: int3472: Fix double free of GPIO device during unregister regulator_unregister() already frees the associated GPIO device. On ThinkPad X9 (Lunar Lake), this causes a double free issue that leads to random failures when other drivers (typically Intel THC) attempt to allocate interrupts. The root cause is that the reference count of the pinctrl_intel_platform module unexpectedly drops to zero when this driver defers its probe. This behavior can also be reproduced by unloading the module directly. Fix the issue by removing the redundant release of the GPIO device during regulator unregistration.

Published: 2025-12-08 Last update: 2026-04-15 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Deferred，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2025-40296 is rated Low Risk (3.9/100): low exploitation likelihood (EPSS 0.02%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-40296

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-12-08	—	0.02%	—

Full EPSS history (1 record total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-40296

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2025-40296

OS Trackers for CVE-2025-40296

vendor	priority	summary	link
`debian`	unimportant	CVE-2025-40296 unimportant priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2025-40296
`redhat`	—	—	https://access.redhat.com/security/cve/CVE-2025-40296
`suse`	medium	CVE-2025-40296 severity moderate: SUSE including 26 source package names (cluster-md-kmp-default, dlm-kmp-default, …), 275 product×package rows across 55 product lines (SLES-LTSS-TERADATA 15 SP2, SUSE Linux Enterprise High Availability Extension 15 SP3, … (55 product lines)): Known Not Affected 275.	https://www.suse.com/security/cve/CVE-2025-40296/
`ubuntu`	medium	CVE-2025-40296 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 172, not-affected 124, released 97, needed 2.	https://ubuntu.com/security/CVE-2025-40296

Affected software / configurations for CVE-2025-40296

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2025-40296

URL	Tags
https://git.kernel.org/stable/c/b8113bb56c45bd17bac5144b55591f9cdbd6aabe
https://git.kernel.org/stable/c/f0f7a3f542c1698edb69075f25a3f846207facba

cvelogic Threat Intelligence