CVE-2025-40169Numeric Range Comparison Without Minimum Check in Linux

CWE-839Numeric Range Comparison Without Minimum Check32 documents6 sources
Severity
3.2LOWOSV
No vector
EPSS
0.0%
top 94.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedNov 12
Latest updateApr 9

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject negative offsets for ALU ops When verifying BPF programs, the check_alu_op() function validates instructions with ALU operations. The 'offset' field in these instructions is a signed 16-bit integer. The existing check 'insn->off > 1' was intended to ensure the offset is either 0, or 1 for BPF_MOD/BPF_DIV. However, because 'insn->off' is signed, this check incorrectly accepts all negative values (e.g., -1). This c

Affected Packages5 packages

Linuxlinux/linux_kernel6.6.06.6.112+2
Debianlinux/linux_kernel< 6.12.57-1+1
Ubuntulinux/linux_kernel< 6.8.0-106.106+1
CVEListV5linux/linuxec0e2da95f72d4a46050a4d994e4fe471474fd803bce44b344040e5eef3d64d38b157c15304c0aab+4
debiandebian/linux< linux 6.17.6-1 (forky)

🔴Vulnerability Details

16
OSV
linux-raspi, linux-raspi-realtime vulnerabilities2026-04-01
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure vulnerabilities2026-03-25
OSV
linux-aws-6.8 vulnerabilities2026-03-23
OSV
linux-realtime, linux-realtime-6.8 vulnerabilities2026-03-17

📋Vendor Advisories

15
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (AWS) vulnerabilities2026-03-23