CVE-2025-40043

NONE EPSS 10.2%
Published Oct 28, 2025 8mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved:

net: nfc: nci: Add parameter validation for packet data

Syzbot reported an uninitialized value bug in nci_init_req, which was introduced by commit 5aca7966d2a7 ("Merge tag 'perf-tools-fixes-for-v6.17-2025-09-16' of git://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools").

This bug arises due to very limited and poor input validation that was done at nic_valid_size(). This validation only validates the skb->len (directly reflects size provided at the userspace interface) with the length provided in the buffer itself (interpreted as NCI_HEADER). This leads to the processing of memory content at the address assuming the correct layout per what opcode requires there. This leads to the accesses to buffer of `skb_buff->data` which is not assigned anything yet.

Following the same silent drop of packets of invalid sizes at `nic_valid_size()`, add validation of the data in the respective handlers and return error values in case of failure. Release the skb if error values are returned from handlers in `nci_nft_packet` and effectively do a silent drop.

Possible TODO: because we silently drop the packets, the call to `nci_request` will be waiting for completion of request and will face timeouts. These timeouts can get excessively logged in the dmesg. A proper handling of them may require to export `nci_request_cancel` (or propagate error handling from the nft packets handlers).
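The gap the description points at, between a header-level length check and what each opcode handler actually reads, is shown below as an added user-space example; it is not code from the kernel or from the fix. The 3-byte header with a length byte, the `init_rsp` layout and all function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_SIZE 3 /* modeled control header; byte 2 = declared payload length */

/* Hypothetical fixed part of one response payload (all names are assumptions). */
struct init_rsp {
    uint8_t status;
    uint8_t features[4];
    uint8_t num_interfaces; /* followed by num_interfaces bytes */
};

/* Header-level check: the buffer is at least as long as the header claims.
 * It does not know how many bytes a particular opcode's handler will read. */
int frame_size_ok(const uint8_t *buf, size_t len)
{
    return len >= HDR_SIZE && buf[2] != 0 && len >= (size_t)HDR_SIZE + buf[2];
}

/* Per-handler check: validate the payload length before reading any field. */
int handle_init_rsp(const uint8_t *payload, size_t plen, struct init_rsp *out)
{
    if (plen < sizeof(*out))
        return -EINVAL; /* fixed part truncated */
    memcpy(out, payload, sizeof(*out));
    if (plen - sizeof(*out) < out->num_interfaces)
        return -EINVAL; /* variable tail truncated */
    return 0;
}

/* Receive path: an error from the handler means the frame is dropped. */
int process_frame(const uint8_t *buf, size_t len, struct init_rsp *out)
{
    if (!frame_size_ok(buf, len))
        return -EINVAL;
    return handle_init_rsp(buf + HDR_SIZE, buf[2], out);
}

int main(void)
{
    /* Constructed frame: header is self-consistent, payload is 1 byte. */
    const uint8_t short_frame[] = { 0x40, 0x01, 0x01, 0x00 };
    struct init_rsp rsp;
    printf("header check: %d, handler result: %d\n", frame_size_ok(short_frame, sizeof(short_frame)),
           process_frame(short_frame, sizeof(short_frame), &rsp));
    return 0;
}
```

The constructed short frame passes the header check yet is rejected by the handler, which is the case a header-only check lets through to field reads.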

Threat Intelligence

EPSS Exploit Probability
10.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 6

  • git.kernel.org https://git.kernel.org/stable/c/0ba68bea1e356f466ad29449938bea12f5f3711f
  • git.kernel.org https://git.kernel.org/stable/c/74837bca0748763a77f77db47a0bdbe63b347628
  • git.kernel.org https://git.kernel.org/stable/c/8fcc7315a10a84264e55bb65ede10f0af20a983f
  • git.kernel.org https://git.kernel.org/stable/c/9c328f54741bd5465ca1dc717c84c04242fac2e1
  • git.kernel.org https://git.kernel.org/stable/c/bfdda0123dde406dbff62e7e9136037e97998a15
  • git.kernel.org https://git.kernel.org/stable/c/c395d1e548cc68e84584ffa2e3ca9796a78bf7b9

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.