Vulnerability Lookup

🛡️ CVE-2025-40278

⚪ Unknown ✅ No Known Exploit NVD

N/A

CVSS Score

0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Fix a KMSAN kernel-infoleak detected by the syzbot . [net?] KMSAN: kernel-infoleak in __skb_datagram_iter In tcf_ife_dump(), the variable 'opt' was partially initialized using a designatied initializer. While the padding bytes are reamined uninitialized. nla_put() copies the entire structure into a netlink message, these uninitialized bytes leaked to userspace. Initialize the structure with memset before assigning its fields to ensure all members and padding are cleared prior to beign copied. This change silences the KMSAN report and prevents potential information leaks from the kernel memory. This fix has been tested and validated by syzbot. This patch closes the bug reported at the following syzkaller link and ensures no infoleak.

Details

Severity Unknown

CVSS Score N/A

CVSS Vector N/A

CWE N/A

Public Exploit ✅ No

Source NVD

Published 2025-12-06

Updated 2026-06-03

Modified 2026-04-16

Fix URL N/A

Affected Packages

Software	From version	Fixed in
kernel	6.13.0	6.17.9
unknown	—	—

References

WEB https://git.kernel.org/stable/c/2191662058443e0bcc28d11694293d8339af6dde

WEB https://git.kernel.org/stable/c/37f0680887c5aeba9a433fe04b35169010568bb1

WEB https://git.kernel.org/stable/c/5e3644ef147bf7140259dfa4cace680c9b26fe8b

WEB https://git.kernel.org/stable/c/918e063304f945fb93be9bb70cacea07d0b730ea

WEB https://git.kernel.org/stable/c/a676a296af65d33725bdf7396803180957dbd92e

WEB https://git.kernel.org/stable/c/c8f51dad94cbb88054e2aacc272b3ce1ed11fb1e

WEB https://git.kernel.org/stable/c/ce50039be49eea9b4cd8873ca6eccded1b4a130a

WEB https://git.kernel.org/stable/c/d1dbbbe839647486c9b893e5011fe84a052962df

ADVISORY https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40278.json

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-40278

PACKAGE https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

🔗 NVD 🔗 Mitre

Similar Threats

Unknown ALSA-2023:2458
Unknown ALSA-2023:1703
Unknown ALSA-2023:1566
Unknown ALSA-2023:1470
Unknown ALSA-2023:0951

Vulnerability Monitoring

Stay informed about vulnerabilities in your stack

BotEraser monitors your WordPress installation and notifies you when software you use appears in our vulnerability database.

Set Up Free Alerts →

No credit card required · Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.

Stay informed about vulnerabilities in your stack

Company

Resources

Services

Trusted

Subscribe