CVE-2025-39940

MEDIUM · CVSS 3.1: 5.5 · EPSS 3.1%
Published Oct 4, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

dm-stripe: fix a possible integer overflow

There's a possible integer overflow in stripe_io_hints if we have too large chunk size. Test if the overflow happened, and if it did, don't set limits->io_min and limits->io_opt;

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
3.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-190 Integer Overflow or Wraparound Numeric Error

Affected Products 10

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥2.6.31.1 – <6.12.49
linux   linux_kernel  *        ≥6.13 – <6.16.9
linux   linux_kernel  2.6.31   any
linux   linux_kernel  2.6.31   any
linux   linux_kernel  6.17     any
linux   linux_kernel  6.17     any
linux   linux_kernel  6.17     any
linux   linux_kernel  6.17     any
linux   linux_kernel  6.17     any
linux   linux_kernel  6.17     any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/1071d560afb4c245c2076494226df47db5a35708
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ee27658c239b27721397f3e4eb16370b5cce596e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f8f64254bca5ae58f3b679441962bda4c409f659
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1071d560afb4c245c2076494226df47db5a35708
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ee27658c239b27721397f3e4eb16370b5cce596e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f8f64254bca5ae58f3b679441962bda4c409f659
    Patch