CVE-2025-40050 — Improper Handling of Unexpected Data Type in Linux

CWE-241 — Improper Handling of Unexpected Data Type15 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 91.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedOct 28

Latest updateFeb 24

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Skip scalar adjustment for BPF_NEG if dst is a pointer In check_alu_op(), the verifier currently calls check_reg_arg() and adjust_scalar_min_max_vals() unconditionally for BPF_NEG operations. However, if the destination register holds a pointer, these scalar adjustments are unnecessary and potentially incorrect. This patch adds a check to skip the adjustment logic when the destination register contains a pointer.

Affected Packages4 packages

▶Linuxlinux/linux_kernel6.17.0 — 6.17.3

▶Ubuntulinux/linux_kernel< 6.17.0-14.14

▶CVEListV5linux/linuxaced132599b3c8884c050218d4c48eef203678f6 — b9ef4963227246b9222e1559ddeec8e7af63e6c6+2

▶debiandebian/linux

🔴Vulnerability Details

OSV

linux-azure vulnerabilities↗2026-02-24

▶

OSV

linux-oem-6.17 vulnerabilities↗2026-02-17

▶

OSV

linux-aws, linux-oracle vulnerabilities↗2026-02-17

▶

OSV

linux-gcp vulnerabilities↗2026-02-12

▶

OSV

linux, linux-raspi, linux-realtime vulnerabilities↗2026-02-12

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-02-24

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2026-02-17

▶

Ubuntu

Linux kernel (GCP) vulnerabilities↗2026-02-12

▶

Ubuntu

Linux kernel vulnerabilities↗2026-02-12

▶

Red Hat

kernel: bpf: Skip scalar adjustment for BPF_NEG if dst is a pointer↗2025-10-28

▶