• Cybersecurity Vulnerabilities

    CVE-2025-40245: Critical Memory Initialization Flaw in Nios2 Linux Kernel Resolved

    Overview: CVE-2025-40245 identifies a critical vulnerability within the Linux kernel affecting the Nios2 architecture when configured with CONFIG_FLATMEM. This flaw stems from the improper initialization of memory limits during early boot, potentially leading to kernel panics due to out-of-bounds memory access. A patch has been released to address this issue.

    Technical Details: The root cause of CVE-2025-40245 lies in the way memblock.current_limit is handled during the kernel’s boot process on Nios2 systems with CONFIG_FLATMEM enabled. The kernel relies on memblock_get_current_limit() to determine the bounds of mem_map, specifically for calculating max_low_pfn. Before the patch, memblock.current_limit was initialized to MEMBLOCK_ALLOC_ANYWHERE. This…

  • Cybersecurity Vulnerabilities

    CVE-2025-40244: Critical HFS+ Uninit-Value Vulnerability Patched in Linux Kernel

    Overview: CVE-2025-40244 describes an uninitialized value vulnerability discovered in the Linux kernel’s HFS+ file system implementation. Specifically, the issue resides within the __hfsplus_ext_cache_extent() function. This flaw could lead to unpredictable behavior and potential security implications if exploited. This issue was identified and reported by syzbot, a Linux kernel fuzzer, and has been addressed in recent kernel updates.

    Technical Details: The vulnerability stems from the use of an uninitialized value within the __hfsplus_ext_cache_extent() function. The KMSAN (Kernel Memory Sanitizer) report highlighted the issue during file extension operations within the HFS+ file system. The specific call trace from the syzbot report is…

  • Cybersecurity Vulnerabilities

    CVE-2025-40243: Critical Uninitialized Value Vulnerability Patched in Linux Kernel HFS Driver

    Overview: CVE-2025-40243 describes an uninitialized value vulnerability found in the Linux kernel’s Hierarchical File System (HFS) driver. Specifically, the issue resides in the hfs_find_set_zero_bits() function. This vulnerability, detected by Kernel Memory SANitizer (KMSAN), could lead to unpredictable behavior, data corruption, or even system instability. A patch has been released to address this issue by ensuring proper memory initialization.

    Technical Details: The vulnerability is located in fs/hfs/bitmap.c, within the hfs_find_set_zero_bits() function. The core problem stems from the way the HFS driver allocates memory for its bitmap buffer. The original code used kmalloc(), which allocates memory but does not guarantee it is…

  • Cybersecurity Vulnerabilities

    CVE-2025-40242: Addressing a Race Condition in Linux Kernel’s GFS2 File System

    Overview: CVE-2025-40242 describes a race condition vulnerability identified and resolved in the Linux kernel’s GFS2 file system. The vulnerability exists within the gdlm_put_lock() function. This flaw could potentially lead to a denial-of-service (DoS) situation due to dereferencing freed memory. This article provides a detailed analysis of the vulnerability, its potential impact, and mitigation steps.

    Technical Details: The vulnerability lies within the gdlm_put_lock() function in the GFS2 file system. A small window of time exists where the DFL_UNMOUNT flag has been set, indicating an impending unmount, but the lockspace hasn’t actually been released yet. During this brief period, the Distributed Lock…

  • Cybersecurity Vulnerabilities

    CVE-2025-40241: Critical EROFS Vulnerability Patched in Linux Kernel

    Overview: CVE-2025-40241 describes a vulnerability found in the EROFS (Enhanced Read-Only File System) implementation within the Linux kernel. This flaw, discovered and reported by Robert, stems from improperly handled encoded extents in crafted, potentially corrupted, EROFS images. Successfully exploiting this vulnerability could lead to system crashes.

    Technical Details: The vulnerability centers around two specific issues within the handling of encoded extents introduced in Linux kernel version 6.15:

    Invalid plen value: The first issue arises when the `plen` (physical length) field of an encoded extent has a non-zero value (e.g., 0x2000000) but does not conform to the expected format as defined…

  • Cybersecurity Vulnerabilities

    CVE-2025-40240: Critical NULL Dereference Fixed in Linux Kernel SCTP Implementation

    Overview: CVE-2025-40240 describes a NULL dereference vulnerability found and resolved in the Linux kernel’s Stream Control Transmission Protocol (SCTP) implementation. This vulnerability could potentially lead to a denial-of-service (DoS) condition if triggered. The flaw resides in how the kernel handles missing data buffers within SCTP chunks.

    Technical Details: The vulnerability stems from a scenario where the chunk->skb pointer, which is expected to point to a socket buffer containing data for an SCTP chunk, could be unexpectedly NULL within a specific code block. The code was attempting to dereference this potentially NULL pointer, leading to a crash. Specifically, the vulnerability occurs…

  • Cybersecurity Vulnerabilities

    CVE-2025-40239: Critical Null Pointer Dereference in Linux Kernel LAN8814 PHY Driver

    Overview: CVE-2025-40239 describes a critical vulnerability affecting the LAN8814 PHY driver within the Linux kernel. This vulnerability, if unaddressed, can lead to a null pointer dereference, potentially causing a kernel crash and system instability. The patch resolves the issue by ensuring the shared->phydev pointer is always initialized, regardless of PTP clock setup success.

    Technical Details: The root cause of the vulnerability lies within the LAN8814 PTP probe function. Previously, the shared->phydev member was only set if the PTP clock was successfully configured. However, the lan8814_gpio_process_cap function, executed during IRQ handling, unconditionally accesses shared->phydev. If the PTP clock configuration failed, shared->phydev…

  • Cybersecurity Vulnerabilities

    CVE-2025-40238: Addressing IPsec Cleanup Issue in Mellanox mlx5 Driver

    Overview: CVE-2025-40238 describes a vulnerability in the Linux kernel related to the Mellanox mlx5 driver. This flaw specifically impacts the proper cleanup of IPsec configurations when using Mellanox MPV (Multi-Port Virtualization) devices. Failure to properly handle the cleanup process could lead to a kernel panic, resulting in a denial-of-service condition. This article provides a detailed technical analysis of the vulnerability, its potential impact, and recommended mitigation steps.

    Technical Details: The vulnerability occurs during the detachment of a network device (netdev) using the mlx5e_detach_netdev() function. This process disables the blocking events notifier, including IPsec MPV events between the InfiniBand (IB) subsystem and…

  • Cybersecurity Vulnerabilities

    CVE-2025-40237: Critical Race Condition in Linux Kernel OverlayFS Can Lead to NULL Pointer Dereference

    Overview: CVE-2025-40237 describes a race condition vulnerability in the Linux kernel’s OverlayFS (overlay filesystem) implementation. Specifically, a NULL pointer dereference can occur during the unmount process of an OverlayFS filesystem when a file descriptor (fd) watching an overlayfs inode is accessed by inotify_fdinfo(). This vulnerability can lead to a system crash or other unpredictable behavior.

    Technical Details: The vulnerability arises from a race condition between the filesystem unmount process and the inotify_fdinfo() function. Here’s a breakdown of the issue: When an OverlayFS filesystem is unmounted, the generic_shutdown_super() function is called. This function eventually sets the superblock’s root directory (sb->s_root) to…

  • Cybersecurity Vulnerabilities

    CVE-2025-40236: Information Leak Vulnerability Patched in Linux Kernel Virtio-net Driver

    Overview: CVE-2025-40236 is a security vulnerability discovered and patched in the Linux kernel’s virtio-net subsystem. This flaw could potentially lead to an information leak when using GSO tunnels due to improper initialization of tunnel metadata. While the severity is not rated critical and no CVSS score has been assigned, understanding the issue and applying the fix is essential for maintaining a secure system.

    Technical Details: The vulnerability stems from the virtio_net_hdr_tnl_from_skb() function. When a Generic Segmentation Offload (GSO) tunnel is negotiated, this function attempts to initialize tunnel metadata. However, it was found that the function failed to zero out unused receive hash (rxhash)…