CVE-2025-40031

In the Linux kernel, the following vulnerability has been resolved:

tee: fix register_shm_helper()

In register_shm_helper(), fix incorrect error handling for a call to
iov_iter_extract_pages(). A case is missing for when
iov_iter_extract_pages() only got some pages and return a number larger
than 0, but not the requested amount.

This fixes a possible NULL pointer dereference following a bad input from
ioctl(TEE_IOC_SHM_REGISTER) where parts of the buffer isn’t mapped.

More information : https://git.kernel.org/stable/c/6a7874ab814ce12003c46a92f7afc9b035c8e8e9