PT-2025-49421 · Linux+2 · Linux Kernel+2

Published

2025-12-08

Updated

2026-04-06

CVE-2025-40290

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.16.12+deb14-cloud-amd64 #1

Description The Linux kernel contained a flaw in the xsk (XDP socket) subsystem related to descriptor number handling on completion queues. A commit (30f241fcf52a) initially introduced an issue where the descriptor number was stored in the skb control block, which is not suitable for long-term storage as other subsystems might utilize it. This led to a potential NULL pointer dereference and a kernel panic. The issue was addressed by utilizing the skb destructor arg pointer along with pointer tagging to ensure data integrity.

Recommendations Update to Linux kernel version 6.16.12+deb14-cloud-amd64 #1 or a later version to resolve this issue.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2025-40290

USN-8094-1

USN-8094-2

USN-8094-3

USN-8094-4

USN-8094-5

USN-8152-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

PT-2025-49421 · Linux+2 · Linux Kernel+2

CVE-2025-40290

Related Identifiers

Affected Products

References · 213