Vulnerability Lookup

🛡️ CVE-2025-40035

⚪ Unknown ✅ No Known Exploit NVD

N/A

CVSS Score

0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak Struct ff_effect_compat is embedded twice inside uinput_ff_upload_compat, contains internal padding. In particular, there is a hole after struct ff_replay to satisfy alignment requirements for the following union member. Without clearing the structure, copy_to_user() may leak stack data to userspace. Initialize ff_up_compat to zero before filling valid fields.

Details

Severity Unknown

CVSS Score N/A

CVSS Vector N/A

CWE N/A

Public Exploit ✅ No

Source NVD

Published 2025-10-28

Updated 2026-06-02

Modified 2026-04-16

Fix URL N/A

Affected Packages

Software	From version	Fixed in
kernel	6.13.0	6.17.3
unknown	—	—

References

WEB https://git.kernel.org/stable/c/1b317796013f666ae5040edbf0f230ec61496d42

WEB https://git.kernel.org/stable/c/48c96b7e9e03516936d6deba54b5553097eae817

WEB https://git.kernel.org/stable/c/877172b97786ed1678640dff0b2d35abb328844c

WEB https://git.kernel.org/stable/c/933b87c4590b42500299f00ff55f555903056803

WEB https://git.kernel.org/stable/c/d3366a04770eea807f2826cbdb96934dd8c9bf79

WEB https://git.kernel.org/stable/c/e63aade22a33e77b93c98c9f02db504d897a76b4

WEB https://git.kernel.org/stable/c/f5e1f3b85aadce74268c46676772c3e9fa79897e

WEB https://git.kernel.org/stable/c/fd8a23ecbc602d00e47b27f20b07350867d0ebe5

ADVISORY https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40035.json

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-40035

PACKAGE https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

🔗 NVD 🔗 Mitre

Similar Threats

Unknown ALSA-2023:2458
Unknown ALSA-2023:1703
Unknown ALSA-2023:1566
Unknown ALSA-2023:1470
Unknown ALSA-2023:0951

Patch Gap Protection

Running software with known vulnerabilities?

BotEraser can help reduce exposure by blocking IPs associated with exploit activity — even before a patch is available.

Start Free →

No credit card required · Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.

Running software with known vulnerabilities?

Company

Resources

Services

Trusted

Subscribe