PT-2025-44103 · Linux+4 · Linux Kernel+4

Published

2025-09-28

·

Updated

2026-05-26

·

CVE-2025-40035

CVSS v2.0

4.6

Medium

VectorAV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A flaw exists in the Linux kernel related to the handling of uinput devices. Specifically, the uinput ff upload compat structure was not properly initialized, potentially leading to information disclosure. The structure contains embedded padding and, without zeroing, copy to user() could leak stack data to user space. The issue resides in the initialization of ff up compat before filling valid fields.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Initialization

Weakness Enumeration

CWE-665

Related Identifiers

AZL-68852
BDU:2026-02714
CVE-2025-40035
DLA-4379-1
DLA-4404-1
DSA-6053-1
ECHO-5D17-E510-8581
MGASA-2025-0309
MGASA-2025-0310
OESA-2025-2765
OESA-2025-2766
OESA-2025-2767
OPENSUSE-SU-2025:15702-1
OPENSUSE-SU-2025:20091-1
OPENSUSE-SU-2026:10301-1
SUSE-SU-2025:21040-1
SUSE-SU-2025:21052-1
SUSE-SU-2025:21056-1
SUSE-SU-2025:21064-1
SUSE-SU-2025:21080-1
SUSE-SU-2025:21147-1
SUSE-SU-2025:21180-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4128-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4140-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4301-1
SUSE-SU-2026:0316-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8033-1
USN-8033-2
USN-8033-3
USN-8033-4
USN-8033-5
USN-8033-6
USN-8033-7
USN-8033-8
USN-8034-1
USN-8034-2
USN-8048-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Suse
Ubuntu