-

CVE-2025-40240

EPSS 0.03%
Veröffentlicht 04.12.2025 15:31:29
Zuletzt bearbeitet 04.12.2025 17:15:08
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

sctp: avoid NULL dereference when chunk data buffer is missing

chunk->skb pointer is dereferenced in the if-block where it's supposed
to be NULL only.

chunk->skb can only be NULL if chunk->head_skb is not. Check for frag_list
instead and do it just before replacing chunk->skb. We're sure that
otherwise chunk->skb is non-NULL because of outer if() condition.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 61cda2777b07d27459f5cac5a047c3edf9c8a1a9

Version 90017accff61ae89283ad9a51f9ac46ca01633fb

Status affected

Version < 08165c296597075763130919f2aae59b5822f016

Version 90017accff61ae89283ad9a51f9ac46ca01633fb

Status affected

Version < 03e80a4b04ef1fb2c61dd63216ab8d3a5dcb196f

Version 90017accff61ae89283ad9a51f9ac46ca01633fb

Status affected

Version < 4f6da435fb5d8a21cbf8cae5ca5a2ba0e1012b71

Version 90017accff61ae89283ad9a51f9ac46ca01633fb

Status affected

Version < cb9055ba30306ede4ad920002233d0659982f1cb

Version 90017accff61ae89283ad9a51f9ac46ca01633fb

Status affected

Version < 7a832b0f99be19df608cb75c023f8027b1789bd1

Version 90017accff61ae89283ad9a51f9ac46ca01633fb

Status affected

Version < 89b465b54227c245ddc7cc9ed822231af21123ef

Version 90017accff61ae89283ad9a51f9ac46ca01633fb

Status affected

Version < 441f0647f7673e0e64d4910ef61a5fb8f16bfb82

Version 90017accff61ae89283ad9a51f9ac46ca01633fb

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.8

Status affected

Version < 4.8

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.301

Status unaffected

Version <= 5.10.*

Version 5.10.246

Status unaffected

Version <= 5.15.*

Version 5.15.196

Status unaffected

Version <= 6.1.*

Version 6.1.158

Status unaffected

Version <= 6.6.*

Version 6.6.115

Status unaffected

Version <= 6.12.*

Version 6.12.56

Status unaffected

Version <= 6.17.*

Version 6.17.6

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.087

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/61cda2777b07d27459f5cac5a047c3edf9c8a1a9

https://git.kernel.org/stable/c/08165c296597075763130919f2aae59b5822f016

https://git.kernel.org/stable/c/03e80a4b04ef1fb2c61dd63216ab8d3a5dcb196f

https://git.kernel.org/stable/c/4f6da435fb5d8a21cbf8cae5ca5a2ba0e1012b71

https://git.kernel.org/stable/c/cb9055ba30306ede4ad920002233d0659982f1cb

https://git.kernel.org/stable/c/7a832b0f99be19df608cb75c023f8027b1789bd1

https://git.kernel.org/stable/c/89b465b54227c245ddc7cc9ed822231af21123ef

https://git.kernel.org/stable/c/441f0647f7673e0e64d4910ef61a5fb8f16bfb82

https://nvd.nist.gov/vuln/detail/CVE-2025-40240

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40240

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40240

EUVD