-

CVE-2025-40331

EPSS 0.02%
Veröffentlicht 09.12.2025 04:09:48
Zuletzt bearbeitet 09.12.2025 18:36:53
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

sctp: Prevent TOCTOU out-of-bounds write

For the following path not holding the sock lock,

  sctp_diag_dump() -> sctp_for_each_endpoint() -> sctp_ep_dump()

make sure not to exceed bounds in case the address list has grown
between buffer allocation (time-of-check) and write (time-of-use).

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < b106a68df0650b694b254427cd9250c04500edd3

Version 8f840e47f190cbe61a96945c13e9551048d42cef

Status affected

Version < 3006959371007fc2eae4a078f823c680fa52de1a

Version 8f840e47f190cbe61a96945c13e9551048d42cef

Status affected

Version < 72e3fea68eac8d088e44c3dd954e843478e9240e

Version 8f840e47f190cbe61a96945c13e9551048d42cef

Status affected

Version < 584307275b2048991b2e8984962189b6cc0a9b85

Version 8f840e47f190cbe61a96945c13e9551048d42cef

Status affected

Version < c9119f243d9c0da3c3b5f577a328de3e7ffd1b42

Version 8f840e47f190cbe61a96945c13e9551048d42cef

Status affected

Version < 2fe08fcaacb7eb019fa9c81db39b2214de216677

Version 8f840e47f190cbe61a96945c13e9551048d42cef

Status affected

Version < 89eac1e150dbd42963e13d23828cb8c4e0763196

Version 8f840e47f190cbe61a96945c13e9551048d42cef

Status affected

Version < 95aef86ab231f047bb8085c70666059b58f53c09

Version 8f840e47f190cbe61a96945c13e9551048d42cef

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.7

Status affected

Version < 4.7

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.302

Status unaffected

Version <= 5.10.*

Version 5.10.247

Status unaffected

Version <= 5.15.*

Version 5.15.197

Status unaffected

Version <= 6.1.*

Version 6.1.159

Status unaffected

Version <= 6.6.*

Version 6.6.117

Status unaffected

Version <= 6.12.*

Version 6.12.58

Status unaffected

Version <= 6.17.*

Version 6.17.8

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.058

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/b106a68df0650b694b254427cd9250c04500edd3

https://git.kernel.org/stable/c/3006959371007fc2eae4a078f823c680fa52de1a

https://git.kernel.org/stable/c/72e3fea68eac8d088e44c3dd954e843478e9240e

https://git.kernel.org/stable/c/584307275b2048991b2e8984962189b6cc0a9b85

https://git.kernel.org/stable/c/c9119f243d9c0da3c3b5f577a328de3e7ffd1b42

https://git.kernel.org/stable/c/2fe08fcaacb7eb019fa9c81db39b2214de216677

https://git.kernel.org/stable/c/89eac1e150dbd42963e13d23828cb8c4e0763196

https://git.kernel.org/stable/c/95aef86ab231f047bb8085c70666059b58f53c09

https://nvd.nist.gov/vuln/detail/CVE-2025-40331

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40331

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40331

EUVD