PT-2025-46634 · Linux+2 · Linux Kernel+2

Published

2025-11-12

·

Updated

2026-05-07

·

CVE-2025-40159

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)
Description

The Linux kernel contains a flaw in the xsk module in the validation of userspace-supplied xdp_desc descriptors. Certain invalid values passed in an xdp_desc from userspace could bypass the validation checks, leading to undefined behavior or to invalid frames being queued for transmission. The cause is potential integer overflow when calculating memory addresses and lengths from the xdp_desc fields. The vulnerability does not affect valid XSk applications but can be exploited through crafted input. The fix promotes the desc->len value to a 64-bit integer to prevent positive overflows and uses explicit overflow checks when validating desc->addr.
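
The two parts of the fix described above, shown on a simplified model. This is an added example, not kernel code: struct pool, its meta prefix field, both validate functions and the sample values are assumptions made for illustration, and the explicit checks use the GCC/Clang overflow builtins.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model (not kernel code): a descriptor as userspace supplies it. */
struct desc { uint64_t addr; uint32_t len; };

/* Hypothetical pool: buffer area size and a per-frame prefix placed before addr. */
struct pool { uint64_t size; uint32_t meta; };

/* Naive validation: each arithmetic step can wrap silently. */
static bool validate_naive(const struct pool *p, const struct desc *d)
{
    uint32_t total = d->len + p->meta;   /* 32-bit add wraps near UINT32_MAX */
    uint64_t start = d->addr - p->meta;  /* wraps below zero for a low addr */
    return d->len != 0 && start + total <= p->size;
}

/* Hardened validation: widen len first, then check every addr step explicitly. */
static bool validate_hardened(const struct pool *p, const struct desc *d)
{
    uint64_t len = d->len;               /* promote before any arithmetic */
    uint64_t start, end;

    if (len == 0 || len > p->size)
        return false;
    if (__builtin_sub_overflow(d->addr, (uint64_t)p->meta, &start))
        return false;
    if (__builtin_add_overflow(start, len + p->meta, &end))
        return false;
    return end <= p->size;
}

/* Run one constructed descriptor against a constructed 1 MiB pool, 16-byte prefix. */
static bool check(bool hardened, uint64_t addr, uint32_t len)
{
    const struct pool p = { .size = 1u << 20, .meta = 16 };
    const struct desc d = { .addr = addr, .len = len };
    return hardened ? validate_hardened(&p, &d) : validate_naive(&p, &d);
}

int main(void)
{
    printf("valid frame:   naive=%d hardened=%d\n", check(false, 4096, 1500), check(true, 4096, 1500));
    printf("len near max:  naive=%d hardened=%d\n", check(false, 4096, UINT32_MAX - 7), check(true, 4096, UINT32_MAX - 7));
    printf("addr too low:  naive=%d hardened=%d\n", check(false, 0, 64), check(true, 0, 64));
    return 0;
}
```
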

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

BDU:2026-02401
CVE-2025-40159
OPENSUSE-SU-2025:20172-1
SUSE-SU-2025:4393-1
SUSE-SU-2025:4422-1
SUSE-SU-2025:4505-1
SUSE-SU-2025:4516-1
SUSE-SU-2025:4517-1
SUSE-SU-2025:4521-1
SUSE-SU-2026:1180-1
SUSE-SU-2026:1185-1
SUSE-SU-2026:1188-1
SUSE-SU-2026:1225-1
SUSE-SU-2026:1236-1
SUSE-SU-2026:1239-1
SUSE-SU-2026:1244-1
SUSE-SU-2026:1259-1
SUSE-SU-2026:1261-1
SUSE-SU-2026:1271-1
SUSE-SU-2026:1278-1
SUSE-SU-2026:1283-1
SUSE-SU-2026:20012-1
SUSE-SU-2026:20015-1
SUSE-SU-2026:20021-1
SUSE-SU-2026:20039-1
SUSE-SU-2026:20059-1
SUSE-SU-2026:20473-1
SUSE-SU-2026:20496-1
SUSE-SU-2026:21007-1
SUSE-SU-2026:21008-1
SUSE-SU-2026:21009-1
SUSE-SU-2026:21042-1
SUSE-SU-2026:21043-1
SUSE-SU-2026:21044-1
SUSE-SU-2026:21045-1
SUSE-SU-2026:21046-1
SUSE-SU-2026:21047-1
SUSE-SU-2026:21048-1
SUSE-SU-2026:21049-1
SUSE-SU-2026:21050-1
SUSE-SU-2026:21052-1
SUSE-SU-2026:21053-1
SUSE-SU-2026:21054-1
SUSE-SU-2026:21055-1
SUSE-SU-2026:21056-1
SUSE-SU-2026:21057-1
SUSE-SU-2026:21058-1
SUSE-SU-2026:21059-1
SUSE-SU-2026:21060-1
SUSE-SU-2026:21061-1
SUSE-SU-2026:21072-1
SUSE-SU-2026:21073-1
SUSE-SU-2026:21074-1
SUSE-SU-2026:21075-1
SUSE-SU-2026:21076-1
SUSE-SU-2026:21077-1
SUSE-SU-2026:21078-1
SUSE-SU-2026:21079-1
SUSE-SU-2026:21080-1
SUSE-SU-2026:21082-1
SUSE-SU-2026:21083-1
SUSE-SU-2026:21084-1
SUSE-SU-2026:21085-1
SUSE-SU-2026:21086-1
SUSE-SU-2026:21087-1
SUSE-SU-2026:21088-1
SUSE-SU-2026:21089-1
SUSE-SU-2026:21090-1
SUSE-SU-2026:21091-1
SUSE-SU-2026:21096-1
SUSE-SU-2026:21099-1
SUSE-SU-2026:21102-1
SUSE-SU-2026:21217-1
SUSE-SU-2026:21219-1
SUSE-SU-2026:21221-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8048-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu