CVE-2025-40041

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.16.0+ and later

Description The Linux kernel contains a flaw in the BPF subsystem related to handling struct operations on the LoongArch architecture. Specifically, the return values of struct operations are not correctly sign-extended, leading to a potential kernel panic. The issue was identified during testing with the ns bpf qdisc selftest. The incorrect sign extension occurs because the return value, treated as a 32-bit value, is improperly extended to 64-bit, which is incorrect for the LoongArch ABI. This can cause issues when dealing with struct operations that require the LoongArch ABI.

Recommendations Update to a newer version that contains a fix for this vulnerability.