CVE-2025-40034 Affecting kernel-uek-doc package, versions <0:5.15.0-317.197.5.1.el8uek
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-ORACLE8-KERNELUEKDOC-15306015
- published17 Feb 2026
- disclosed28 Oct 2025
Introduced: 28 Oct 2025
CVE-2025-40034 (opens in a new tab)How to fix?
Upgrade Oracle:8 kernel-uek-doc to version 0:5.15.0-317.197.5.1.el8uek or higher.
This issue was patched in ELSA-2026-50113.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-uek-doc package and not the kernel-uek-doc package as distributed by Oracle.
See How to fix? for Oracle:8 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
PCI/AER: Avoid NULL pointer dereference in aer_ratelimit()
When platform firmware supplies error information to the OS, e.g., via the ACPI APEI GHES mechanism, it may identify an error source device that doesn't advertise an AER Capability and therefore dev->aer_info, which contains AER stats and ratelimiting data, is NULL.
pci_dev_aer_stats_incr() already checks dev->aer_info for NULL, but aer_ratelimit() did not, leading to NULL pointer dereferences like this one from the URL below:
{1}[Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 0 {1}[Hardware Error]: event severity: corrected {1}[Hardware Error]: device_id: 0000:00:00.0 {1}[Hardware Error]: vendor_id: 0x8086, device_id: 0x2020 {1}[Hardware Error]: aer_cor_status: 0x00001000, aer_cor_mask: 0x00002000 BUG: kernel NULL pointer dereference, address: 0000000000000264 RIP: 0010:___ratelimit+0xc/0x1b0 pci_print_aer+0x141/0x360 aer_recover_work_func+0xb5/0x130
[8086:2020] is an Intel "Sky Lake-E DMI3 Registers" device that claims to be a Root Port but does not advertise an AER Capability.
Add a NULL check in aer_ratelimit() to avoid the NULL pointer dereference. Note that this also prevents ratelimiting these events from GHES.
[bhelgaas: add crash details to commit log]
References
- https://linux.oracle.com/cve/CVE-2025-40034.html
- https://linux.oracle.com/errata/ELSA-2026-50112.html
- https://linux.oracle.com/errata/ELSA-2026-50113.html
- https://git.kernel.org/stable/c/41683624cbff0a26bb7e0627f4a7e1b51a8779a8
- https://git.kernel.org/stable/c/deb2f228388ff3a9d0623e3b59a053e9235c341d