CVE-2025-40202: Linux vulnerability

12 documents, 7 sources

Severity: 3.2 LOW (OSV), no vector
EPSS: 0.0% (top 94.20%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 12; latest update Apr 9

Description

In the Linux kernel, the following vulnerability has been resolved:

ipmi: Rework user message limit handling

The limit on the number of user messages had a number of issues, improper counting in some cases and a use after free. Restructure how this is all done to handle more in the receive message allocation routine, so all refcounting and user message limit counts are done in that routine. It's a lot cleaner and safer.

Affected Packages (6 packages)

Linux: linux/linux_kernel 5.19.0 6.1.157 +3
Debian: linux/linux_kernel < 6.1.158-1 +2
CVEListV5: linux/linux 8e76741c3d8b20dfa2d6c30fa10ff927cfd93d82 f63723ca7d7623f9dae1990973cd158671f03c56 +5
debian: debian/linux < linux 6.1.158-1 (bookworm)

🔴 Vulnerability Details (5)

OSV: linux-azure-6.8 vulnerabilities (2026-03-25)
OSV: linux-azure vulnerabilities (2026-03-25)
GHSA: GHSA-cc93-7wpm-wqh7: In the Linux kernel, the following vulnerability has been resolved: ipmi: Rework user message limit handling The limit on the number of user message (2025-11-13)
OSV: CVE-2025-40202: In the Linux kernel, the following vulnerability has been resolved: ipmi: Rework user message limit handling The limit on the number of user messages (2025-11-12)
OSV: ipmi: Rework user message limit handling (2025-11-12)

📋 Vendor Advisories (6)

Ubuntu: Linux kernel (Azure FIPS) vulnerabilities (2026-04-09)
Ubuntu: Linux kernel (Azure) vulnerabilities (2026-03-25)
Ubuntu: Linux kernel (Azure) vulnerabilities (2026-03-25)
Red Hat: kernel: ipmi: Rework user message limit handling (2025-11-12)
Microsoft: ipmi: Rework user message limit handling (2025-11-11)