-

CVE-2025-40277

EPSS 0.03%
Veröffentlicht 06.12.2025 21:51:00
Zuletzt bearbeitet 08.12.2025 18:26:49
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE

This data originates from userspace and is used in buffer offset
calculations which could potentially overflow causing an out-of-bounds
access.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < e58559845021c3bad5e094219378b869157fad53

Version 8ce75f8ab9044fe11caaaf2b2c82471023212f9f

Status affected

Version < 54d458b244893e47bda52ec3943fdfbc8d7d068b

Version 8ce75f8ab9044fe11caaaf2b2c82471023212f9f

Status affected

Version < 709e5c088f9c99a5cf2c1d1c6ce58f2cca7ab173

Version 8ce75f8ab9044fe11caaaf2b2c82471023212f9f

Status affected

Version < a3abb54c27b2c393c44362399777ad2f6e1ff17e

Version 8ce75f8ab9044fe11caaaf2b2c82471023212f9f

Status affected

Version < b5df9e06eed3df6a4f5c6f8453013b0cabb927b4

Version 8ce75f8ab9044fe11caaaf2b2c82471023212f9f

Status affected

Version < 5aea2cde03d4247cdcf53f9ab7d0747c9dca1cfc

Version 8ce75f8ab9044fe11caaaf2b2c82471023212f9f

Status affected

Version < f3f3a8eb3f0ba799fae057091d8c67cca12d6fa0

Version 8ce75f8ab9044fe11caaaf2b2c82471023212f9f

Status affected

Version < 32b415a9dc2c212e809b7ebc2b14bc3fbda2b9af

Version 8ce75f8ab9044fe11caaaf2b2c82471023212f9f

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.3

Status affected

Version < 4.3

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.302

Status unaffected

Version <= 5.10.*

Version 5.10.247

Status unaffected

Version <= 5.15.*

Version 5.15.197

Status unaffected

Version <= 6.1.*

Version 6.1.159

Status unaffected

Version <= 6.6.*

Version 6.6.117

Status unaffected

Version <= 6.12.*

Version 6.12.59

Status unaffected

Version <= 6.17.*

Version 6.17.9

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.088

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/e58559845021c3bad5e094219378b869157fad53

https://git.kernel.org/stable/c/54d458b244893e47bda52ec3943fdfbc8d7d068b

https://git.kernel.org/stable/c/709e5c088f9c99a5cf2c1d1c6ce58f2cca7ab173

https://git.kernel.org/stable/c/a3abb54c27b2c393c44362399777ad2f6e1ff17e

https://git.kernel.org/stable/c/b5df9e06eed3df6a4f5c6f8453013b0cabb927b4

https://git.kernel.org/stable/c/5aea2cde03d4247cdcf53f9ab7d0747c9dca1cfc

https://git.kernel.org/stable/c/f3f3a8eb3f0ba799fae057091d8c67cca12d6fa0

https://git.kernel.org/stable/c/32b415a9dc2c212e809b7ebc2b14bc3fbda2b9af

https://nvd.nist.gov/vuln/detail/CVE-2025-40277

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40277

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40277

EUVD