-
CVE-2025-40043
- EPSS 0.06%
- Veröffentlicht 28.10.2025 11:48:22
- Zuletzt bearbeitet 30.10.2025 15:05:32
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
In the Linux kernel, the following vulnerability has been resolved:
net: nfc: nci: Add parameter validation for packet data
Syzbot reported an uninitialized value bug in nci_init_req, which was
introduced by commit 5aca7966d2a7 ("Merge tag
'perf-tools-fixes-for-v6.17-2025-09-16' of
git://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools").
This bug arises due to very limited and poor input validation
that was done at nic_valid_size(). This validation only
validates the skb->len (directly reflects size provided at the
userspace interface) with the length provided in the buffer
itself (interpreted as NCI_HEADER). This leads to the processing
of memory content at the address assuming the correct layout
per what opcode requires there. This leads to the accesses to
buffer of `skb_buff->data` which is not assigned anything yet.
Following the same silent drop of packets of invalid sizes at
`nic_valid_size()`, add validation of the data in the respective
handlers and return error values in case of failure. Release
the skb if error values are returned from handlers in
`nci_nft_packet` and effectively do a silent drop
Possible TODO: because we silently drop the packets, the
call to `nci_request` will be waiting for completion of request
and will face timeouts. These timeouts can get excessively logged
in the dmesg. A proper handling of them may require to export
`nci_request_cancel` (or propagate error handling from the
nft packets handlers).Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
8fcc7315a10a84264e55bb65ede10f0af20a983f
Version
6a2968aaf50c7a22fced77a5e24aa636281efca8
Status
affected
Version <
bfdda0123dde406dbff62e7e9136037e97998a15
Version
6a2968aaf50c7a22fced77a5e24aa636281efca8
Status
affected
Version <
0ba68bea1e356f466ad29449938bea12f5f3711f
Version
6a2968aaf50c7a22fced77a5e24aa636281efca8
Status
affected
Version <
74837bca0748763a77f77db47a0bdbe63b347628
Version
6a2968aaf50c7a22fced77a5e24aa636281efca8
Status
affected
Version <
c395d1e548cc68e84584ffa2e3ca9796a78bf7b9
Version
6a2968aaf50c7a22fced77a5e24aa636281efca8
Status
affected
Version <
9c328f54741bd5465ca1dc717c84c04242fac2e1
Version
6a2968aaf50c7a22fced77a5e24aa636281efca8
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
3.2
Status
affected
Version <
3.2
Version
0
Status
unaffected
Version <=
5.15.*
Version
5.15.195
Status
unaffected
Version <=
6.1.*
Version
6.1.156
Status
unaffected
Version <=
6.6.*
Version
6.6.112
Status
unaffected
Version <=
6.12.*
Version
6.12.53
Status
unaffected
Version <=
6.17.*
Version
6.17.3
Status
unaffected
Version <=
*
Version
6.18
Status
unaffected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.188 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|