CVE-2025-40236 — Linux vulnerability

15 documents6 sources

Severity

—N/A

No vector

EPSS

0.0%

top 89.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 4

Latest updateFeb 24

Description

In the Linux kernel, the following vulnerability has been resolved: virtio-net: zero unused hash fields When GSO tunnel is negotiated virtio_net_hdr_tnl_from_skb() tries to initialize the tunnel metadata but forget to zero unused rxhash fields. This may leak information to another side. Fixing this by zeroing the unused hash fields.

Affected Packages5 packages

▶Linuxlinux/linux_kernel6.17.0 — 6.17.6

▶Debianlinux/linux_kernel< 6.17.6-1

▶Ubuntulinux/linux_kernel< 6.17.0-14.14

▶CVEListV5linux/linuxa2fb4bc4e2a6a031683910d85b278c1d25ae5420 — b625d231c66a6041e98817ffc944bf6e4c45b2e3+2

▶debiandebian/linux< linux 6.17.6-1 (forky)

🔴Vulnerability Details

OSV

linux-azure vulnerabilities↗2026-02-24

▶

OSV

linux-oem-6.17 vulnerabilities↗2026-02-17

▶

OSV

linux-aws, linux-oracle vulnerabilities↗2026-02-17

▶

OSV

linux-gcp vulnerabilities↗2026-02-12

▶

OSV

linux, linux-raspi, linux-realtime vulnerabilities↗2026-02-12

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-02-24

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2026-02-17

▶

Ubuntu

Linux kernel (GCP) vulnerabilities↗2026-02-12

▶

Ubuntu

Linux kernel vulnerabilities↗2026-02-12

▶

Red Hat

kernel: virtio-net: zero unused hash fields↗2025-12-04

▶