CVE-2025-40172Linux vulnerability

33 documents7 sources
Severity
5.5MEDIUMOSV
OSV3.2
No vector
EPSS
0.0%
top 92.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedNov 12
Latest updateApr 9

Description

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Currently, if find_and_map_user_pages() takes a DMA xfer request from the user with a length field set to 0, or in a rare case, the host receives QAIC_TRANS_DMA_XFER_CONT from the device where resources->xferred_dma_size is equal to the requested transaction size, the function will return 0 before allocating an sgt or setting the fields of the dma_xfer stru

Affected Packages6 packages

Linuxlinux/linux_kernel6.5.06.6.114+2
Debianlinux/linux_kernel< 6.12.57-1+1
Ubuntulinux/linux_kernel< 6.8.0-106.106+1
CVEListV5linux/linux96d3c1cadedb6ae2e8965e19cd12caa244afbd9c48b1d42286bfef7628b1d6c8c28d4e456c90f725+5

🔴Vulnerability Details

16
OSV
linux-raspi, linux-raspi-realtime vulnerabilities2026-04-01
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure vulnerabilities2026-03-25
OSV
linux-aws-6.8 vulnerabilities2026-03-23
OSV
linux-realtime, linux-realtime-6.8 vulnerabilities2026-03-17

📋Vendor Advisories

16
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (AWS) vulnerabilities2026-03-23