CVE-2025-40159

EPSS 0.02%
Veröffentlicht 12.11.2025 10:24:36
Zuletzt bearbeitet 12.11.2025 16:19:12
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

xsk: Harden userspace-supplied xdp_desc validation

Turned out certain clearly invalid values passed in xdp_desc from
userspace can pass xp_{,un}aligned_validate_desc() and then lead
to UBs or just invalid frames to be queued for xmit.

desc->len close to ``U32_MAX`` with a non-zero pool->tx_metadata_len
can cause positive integer overflow and wraparound, the same way low
enough desc->addr with a non-zero pool->tx_metadata_len can cause
negative integer overflow. Both scenarios can then pass the
validation successfully.
This doesn't happen with valid XSk applications, but can be used
to perform attacks.

Always promote desc->len to ``u64`` first to exclude positive
overflows of it. Use explicit check_{add,sub}_overflow() when
validating desc->addr (which is ``u64`` already).

bloat-o-meter reports a little growth of the code size:

add/remove: 0/0 grow/shrink: 2/1 up/down: 60/-16 (44)
Function                                     old     new   delta
xskq_cons_peek_desc                          299     330     +31
xsk_tx_peek_release_desc_batch               973    1002     +29
xsk_generic_xmit                            3148    3132     -16

but hopefully this doesn't hurt the performance much.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 1463cd066f32efd56ddfd3ac4e3524200f362980

Version 341ac980eab90ac1f6c22ee9f9da83ed9604d899

Status affected

Version < 5b5fffa7c81e55d8c8edf05ad40d811ec7047e21

Version 341ac980eab90ac1f6c22ee9f9da83ed9604d899

Status affected

Version < 07ca98f906a403637fc5e513a872a50ef1247f3b

Version 341ac980eab90ac1f6c22ee9f9da83ed9604d899

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.8

Status affected

Version < 6.8

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.54

Status unaffected

Version <= 6.17.*

Version 6.17.4

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/1463cd066f32efd56ddfd3ac4e3524200f362980

https://git.kernel.org/stable/c/5b5fffa7c81e55d8c8edf05ad40d811ec7047e21

https://git.kernel.org/stable/c/07ca98f906a403637fc5e513a872a50ef1247f3b

https://nvd.nist.gov/vuln/detail/CVE-2025-40159

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40159

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40159

EUVD