PT-2025-44111 · Linux+4 · Linux Kernel+4
Published 2025-09-25 · Updated 2026-05-07
CVE-2025-40043
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The Linux kernel contains a flaw caused by insufficient input validation in the NFC (Near Field Communication) subsystem. Specifically, the nci_init_req function performed only limited validation, leading to potential memory access issues when processing packet data. The issue stemmed from inadequate checks on the size and content of data received from the userspace interface, potentially allowing access to unassigned memory regions within the skb_buff->data buffer. The vulnerability was introduced by commit 5aca7966d2a7. The fix adds data validation within the respective handlers, returns error values upon failure, and releases the skb if errors occur.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
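The fix pattern outlined in the Description, as a simplified user-space model added here for illustration (not code from the kernel or from the patch): a header-only length check accepts a packet whose payload is too short for its handler, so the handler validates the size itself, returns an error, and the dispatcher releases the buffer. The names pkt, demo_rsp, header_len_ok, handle_demo_rsp, dispatch and make_pkt, and the 3-byte header layout, are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_SIZE 3  /* assumed layout: 2 opcode bytes + 1 payload-length byte */

/* Hypothetical fixed-layout response that one handler expects in the payload. */
struct demo_rsp { uint8_t status; uint8_t features[4]; uint8_t max_routes; };

struct pkt { uint8_t *data; size_t len; };  /* stand-in for an skb */

/* Header-only check: the declared payload length must match what arrived.
 * It says nothing about whether the payload is large enough for the opcode. */
int header_len_ok(const struct pkt *p)
{
    return p->len >= HDR_SIZE && p->data[2] == p->len - HDR_SIZE;
}

/* Handler-level check: refuse to interpret a payload shorter than the
 * structure this opcode requires, and report the failure to the caller. */
int handle_demo_rsp(const struct pkt *p, struct demo_rsp *out)
{
    if (p->len < HDR_SIZE + sizeof(*out))
        return -EINVAL;
    memcpy(out, p->data + HDR_SIZE, sizeof(*out));
    return 0;
}

/* Dispatcher: owns the packet. A failed check means the packet is dropped;
 * this model copies the payload out, so the buffer is released on both paths. */
int dispatch(struct pkt *p, struct demo_rsp *out)
{
    int rc = header_len_ok(p) ? handle_demo_rsp(p, out) : -EINVAL;
    free(p->data);
    p->data = NULL;
    p->len = 0;
    return rc;
}

/* Constructed sample input: header plus n payload bytes, every byte 0x01. */
struct pkt make_pkt(size_t n)
{
    struct pkt p = { malloc(HDR_SIZE + n), HDR_SIZE + n };
    if (!p.data) { p.len = 0; return p; }
    memset(p.data, 0x01, p.len);
    p.data[2] = (uint8_t)n;
    return p;
}
```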
Exploit
Access of Uninitialized Pointer
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu