- CVE-2025-40240
- EPSS 0.04%
- Published 04.12.2025 15:31:29
- Last modified 15.04.2026 00:35:42
- Source 416baaa9-dc9f-4396-8d5f-8c081f
sctp: avoid NULL dereference when chunk data buffer is missing
In the Linux kernel, the following vulnerability has been resolved:

sctp: avoid NULL dereference when chunk data buffer is missing

chunk->skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk->skb can only be NULL if chunk->head_skb is not. Check for frag_list instead and do it just before replacing chunk->skb. We're sure that otherwise chunk->skb is non-NULL because of outer if() condition.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux ≫ Product: Linux

Default status: unaffected

| Version | Version < | Status |
|---|---|---|
| 90017accff61ae89283ad9a51f9ac46ca01633fb | 61cda2777b07d27459f5cac5a047c3edf9c8a1a9 | affected |
| 90017accff61ae89283ad9a51f9ac46ca01633fb | 08165c296597075763130919f2aae59b5822f016 | affected |
| 90017accff61ae89283ad9a51f9ac46ca01633fb | 03e80a4b04ef1fb2c61dd63216ab8d3a5dcb196f | affected |
| 90017accff61ae89283ad9a51f9ac46ca01633fb | 4f6da435fb5d8a21cbf8cae5ca5a2ba0e1012b71 | affected |
| 90017accff61ae89283ad9a51f9ac46ca01633fb | cb9055ba30306ede4ad920002233d0659982f1cb | affected |
| 90017accff61ae89283ad9a51f9ac46ca01633fb | 7a832b0f99be19df608cb75c023f8027b1789bd1 | affected |
| 90017accff61ae89283ad9a51f9ac46ca01633fb | 89b465b54227c245ddc7cc9ed822231af21123ef | affected |
| 90017accff61ae89283ad9a51f9ac46ca01633fb | 441f0647f7673e0e64d4910ef61a5fb8f16bfb82 | affected |
Vendor: Linux ≫ Product: Linux

Default status: affected

| Version | Version < | Version <= | Status |
|---|---|---|---|
| 4.8 | | | affected |
| 0 | 4.8 | | unaffected |
| 5.4.301 | | 5.4.* | unaffected |
| 5.10.246 | | 5.10.* | unaffected |
| 5.15.196 | | 5.15.* | unaffected |
| 6.1.158 | | 6.1.* | unaffected |
| 6.6.115 | | 6.6.* | unaffected |
| 6.12.56 | | 6.12.* | unaffected |
| 6.17.6 | | 6.17.* | unaffected |
| 6.18 | | * | unaffected |

VulnDex Vulnerability Enrichment

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.122 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|