CVE-2025-40350

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue in the net/mlx5e component related to handling XDP programs and skb (socket buffer) generation. XDP programs can modify the layout of an xdp buff using the bpf xdp adjust tail() and bpf xdp adjust head() functions, which can lead to the driver making incorrect assumptions about the size of the linear data area and fragments. This can result in the generation of erroneous skb or kernel warnings. Specifically, when handling multi-buf XDP, the driver assumes the xdp buff layout remains unchanged, which is not always the case. The issue arises when an XDP program adds linear data using bpf xdp adjust head(), causing the linear data to be ignored, or shrinks non-linear data using bpf xdp adjust tail(), potentially exceeding the actual non-linear data size and triggering a bug. The fix involves recording the original number of fragments, adjusting the end fragment pointer if the number of fragments changes, recalculating the truesize, and building the skb to match the xdp buff layout. Data is pulled only if non-linear data exists, filling the linear part up to 256 bytes.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.