CVE-2025-40202

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel has a flaw in how user message limits are handled within the Intelligent Platform Management Interface (IPMI). The existing implementation had issues with incorrect message counting and a use-after-free condition. The rework restructures the message handling process, specifically within the receive message allocation routine, to improve refcounting and user message limit calculations, resulting in a cleaner and safer implementation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

AZL-70115

BDU:2025-14659

CVE-2025-40202

DLA-4379-1

OESA-2025-2765

OESA-2025-2766

OESA-2025-2767

OPENSUSE-SU-2025:20172-1

SUSE-SU-2026:0447-1

SUSE-SU-2026:0471-1

SUSE-SU-2026:0472-1

SUSE-SU-2026:0587-1

SUSE-SU-2026:20012-1

SUSE-SU-2026:20015-1

SUSE-SU-2026:20021-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

USN-8125-1

USN-8126-1

USN-8165-1

USN-8261-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-40202

Weakness Enumeration

Related Identifiers

Affected Products

References · 3089