CVE-2025-40232: Type Confusion in Linux

CWE-843 Type Confusion | 10 documents | 6 sources
Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 89.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 4; latest update Dec 15

Description

In the Linux kernel, the following vulnerability has been resolved:

rv: Fully convert enabled_monitors to use list_head as iterator

The callbacks in enabled_monitors_seq_ops are inconsistent. Some treat the iterator as struct rv_monitor *, while others treat the iterator as struct list_head *.

This causes a wrong type cast and crashes the system as reported by Nathan.

Convert everything to use struct list_head * as iterator. This also makes enabled_monitors consistent with available_monitors.

Affected Packages (4 packages)

Linux | linux/linux_kernel | 6.17.0 | 6.17.6
Ubuntu | linux/linux_kernel | < 6.17.0-8.8
CVEListV5 | linux/linux | de090d1ccae1e191af4beb92964591c6e4f31f28 | 8948a0338d33c4a7ef1e0c439a3ad1d5fe9355ae | +2
debian | debian/linux

🔴 Vulnerability Details (5)

OSV | linux-raspi vulnerabilities | 2025-12-15
OSV | linux, linux-aws, linux-gcp, linux-realtime vulnerabilities | 2025-12-10
OSV | CVE-2025-40232: In the Linux kernel, the following vulnerability has been resolved: rv: Fully convert enabled_monitors to use list_head as iterator The callbacks in e | 2025-12-04
OSV | rv: Fully convert enabled_monitors to use list_head as iterator | 2025-12-04
GHSA | GHSA-rxcq-c8g5-8g6j: In the Linux kernel, the following vulnerability has been resolved: rv: Fully convert enabled_monitors to use list_head as iterator The callbacks in | 2025-12-04

📋 Vendor Advisories (4)

Ubuntu | Linux kernel (Raspberry Pi) vulnerabilities | 2025-12-15
Ubuntu | Linux kernel vulnerabilities | 2025-12-10
Red Hat | kernel: rv: Fully convert enabled_monitors to use list_head as iterator | 2025-12-04
Debian | CVE-2025-40232: linux - In the Linux kernel, the following vulnerability has been resolved: rv: Fully c... | 2025