PT-2025-44146 · Linux+4 · Linux Kernel+4

Published

2025-09-17

·

Updated

2026-05-22

·

CVE-2025-40078

CVSS v2.0

4.6

Medium

VectorAV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains an issue related to insufficient access checks within the bpf sock addr structure. Specifically, the sock addr is valid access function did not explicitly reject access to padding within the structure, leading to potential errors during context access conversion. The issue was identified through Syzkaller, a kernel testing tool, which detected a warning related to accessing an implicit padding of 4 bytes after msg src ip4 at offset 60 within bpf sock addr. The patch resolves this by adding explicit checks for various fields within bpf sock addr in the sock addr is valid access function.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

CWE-20

Related Identifiers

AZL-68840
BDU:2025-16406
CVE-2025-40078
DLA-4379-1
DLA-4404-1
DSA-6053-1
ECHO-314A-5771-7561
MGASA-2025-0309
MGASA-2025-0310
OESA-2026-2417
OESA-2026-2418
OPENSUSE-SU-2025:15702-1
OPENSUSE-SU-2025:20091-1
OPENSUSE-SU-2026:10301-1
SUSE-SU-2025:21040-1
SUSE-SU-2025:21052-1
SUSE-SU-2025:21056-1
SUSE-SU-2025:21064-1
SUSE-SU-2025:21080-1
SUSE-SU-2025:21147-1
SUSE-SU-2025:21180-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4128-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4140-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4189-1
SUSE-SU-2025:4301-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8033-1
USN-8033-2
USN-8033-3
USN-8033-4
USN-8033-5
USN-8033-6
USN-8033-7
USN-8033-8
USN-8034-1
USN-8034-2
USN-8048-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Suse
Ubuntu