PT-2025-44109 · Linux+2 · Linux Kernel+2

Published: 2025-10-02 · Updated: 2026-03-07 · CVE-2025-40041

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 6.16.0 and later

Description

The Linux kernel contains a flaw in the BPF subsystem in the handling of struct operations on the LoongArch architecture. The return values of struct operations are not correctly sign-extended, which can lead to a kernel panic. The issue was identified during testing with the ns_bpf_qdisc selftest. The return value is treated as a 32-bit value and is extended to 64 bits in a way that is incorrect for the LoongArch ABI, which causes problems for struct operations that must follow that ABI.

Recommendations

Update to a newer version that contains a fix for this vulnerability.


Weakness Enumeration

Related Identifiers

BDU:2025-13786
CVE-2025-40041
OPENSUSE-SU-2025:15702-1
OPENSUSE-SU-2026:10301-1
USN-8048-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu