CVE-2025-40043Linux vulnerability

55 documents7 sources
Severity
7.8HIGHOSV
OSV5.5OSV3.2
No vector
EPSS
0.1%
top 81.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedOct 28
Latest updateApr 13

Description

In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Add parameter validation for packet data Syzbot reported an uninitialized value bug in nci_init_req, which was introduced by commit 5aca7966d2a7 ("Merge tag 'perf-tools-fixes-for-v6.17-2025-09-16' of git://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools"). This bug arises due to very limited and poor input validation that was done at nic_valid_size(). This validation only validates the skb->len (directl

Affected Packages7 packages

Linuxlinux/linux_kernel3.2.05.15.195+4
Debianlinux/linux_kernel< 6.1.158-1+2
Ubuntulinux/linux_kernel< 5.15.0-170.180+2
CVEListV5linux/linux6a2968aaf50c7a22fced77a5e24aa636281efca88fcc7315a10a84264e55bb65ede10f0af20a983f+6

🔴Vulnerability Details

27
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-raspi, linux-raspi-realtime vulnerabilities2026-04-01
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure vulnerabilities2026-03-25
OSV
linux-aws-6.8 vulnerabilities2026-03-23

📋Vendor Advisories

27
Ubuntu
Linux kernel (Azure) vulnerabilities2026-04-13
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01