CVE-2025-40199Out-of-bounds Read in Linux

CWE-125Out-of-bounds Read15 documents6 sources
Severity
7.0HIGH
No vector
EPSS
0.0%
top 94.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedNov 12
Latest updateFeb 24

Description

In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches Helge reported that the introduction of PP_MAGIC_MASK let to crashes on boot on his 32-bit parisc machine. The cause of this is the mask is set too wide, so the page_pool_page_is_pp() incurs false positives which crashes the machine. Just disabling the check in page_pool_is_pp() will lead to the page_pool code itself malfunctioning; so instead of doing this,

Affected Packages5 packages

Linuxlinux/linux_kernel6.13.06.17.4+1
Debianlinux/linux_kernel< 6.12.57-1+1
Ubuntulinux/linux_kernel< 6.17.0-14.14
CVEListV5linux/linux4f51fb0d257ff4d406ec27966902de075e3b118e15b8a5b4cdc16e9a8bb2a548e12a0fd92997605a+4
debiandebian/linux< linux 6.17.6-1 (forky)

🔴Vulnerability Details

8
OSV
linux-azure vulnerabilities2026-02-24
OSV
linux-oem-6.17 vulnerabilities2026-02-17
OSV
linux-aws, linux-oracle vulnerabilities2026-02-17
OSV
linux-gcp vulnerabilities2026-02-12
OSV
linux, linux-raspi, linux-realtime vulnerabilities2026-02-12

📋Vendor Advisories

6
Ubuntu
Linux kernel (Azure) vulnerabilities2026-02-24
Ubuntu
Linux kernel (OEM) vulnerabilities2026-02-17
Ubuntu
Linux kernel (GCP) vulnerabilities2026-02-12
Ubuntu
Linux kernel vulnerabilities2026-02-12
Red Hat
kernel: page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches2025-11-12