PT-2025-44149 · Linux+3 · Linux Kernel+3

Published

2025-09-17

·

Updated

2026-05-07

·

CVE-2025-40081

CVSS v2.0

6.0

Medium

VectorAV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description An issue was identified in the Linux kernel related to the perf subsystem and specifically the arm spe component. A cast to unsigned long was implemented for the nr pages variable to prevent potential overflow issues when handling large AUX buffer sizes greater than or equal to 2 GiB. The vulnerable function is PERF IDX2OFF().
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Heap Based Buffer Overflow

Out of bounds Read

Weakness Enumeration

CWE-122CWE-125

Related Identifiers

AZL-68912
BDU:2025-16408
CVE-2025-40081
DLA-4379-1
DLA-4404-1
DSA-6053-1
ECHO-33D6-6D8B-B941
MGASA-2025-0309
MGASA-2025-0310
OESA-2025-2632
OESA-2025-2633
OESA-2025-2634
OESA-2025-2635
OESA-2025-2636
OPENSUSE-SU-2025:15702-1
OPENSUSE-SU-2025:20172-1
OPENSUSE-SU-2026:10301-1
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:0316-1
SUSE-SU-2026:20012-1
SUSE-SU-2026:20015-1
SUSE-SU-2026:20021-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8033-1
USN-8033-2
USN-8033-3
USN-8033-4
USN-8033-5
USN-8033-6
USN-8033-7
USN-8033-8
USN-8034-1
USN-8034-2
USN-8048-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu