Kernel Panic in Linux Kernel due to Struct Ops Return Value Mismanagement
CVE-2025-40079
What is CVE-2025-40079?
A vulnerability in the Linux kernel's handling of struct ops return values has been identified that can lead to kernel panics. The issue arises when a pointer returned by the 'bpf_fifo_dequeue' function is incorrectly treated as a 32-bit value. The resulting sign extension from 32-bit to 64-bit does not conform to the RISC-V ABI, particularly for struct operations. This mismanagement can cause significant system stability issues, so users should promptly apply security updates to mitigate possible exploitation.
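The effect described above, as an added user-space illustration (not kernel code and not the upstream patch): a 64-bit pointer that is narrowed to 32 bits and sign-extended comes back as a different address. The function names and sample addresses are constructed for this example, and ret_by_type() is an assumed size-aware alternative shown for contrast.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample values in a kernel-looking address range. */
#define SAMPLE_PTR_HI 0xff60000080123456ULL /* bit 31 set   */
#define SAMPLE_PTR_LO 0xff6000001234abcdULL /* bit 31 clear */

/* Behaviour the advisory describes: the return register is always
 * narrowed to 32 bits and sign-extended back to 64 bits. */
static uint64_t ret_as_s32(uint64_t a0)
{
    return (uint64_t)(int64_t)(int32_t)(uint32_t)a0;
}

/* Hypothetical size-aware handling: widen only values narrower than
 * the register, according to the declared return type. */
static uint64_t ret_by_type(uint64_t a0, unsigned size, int is_signed)
{
    unsigned shift;

    if (size == 0 || size >= 8)
        return a0;                 /* void, pointers, 64-bit: untouched */
    shift = 64 - 8 * size;
    if (is_signed)
        return (uint64_t)((int64_t)(a0 << shift) >> shift);
    return (a0 << shift) >> shift; /* zero-extend unsigned types */
}

/* 1 if 32-bit narrowing changes the value the caller receives. */
static int corrupted_by_s32(uint64_t a0)
{
    return ret_as_s32(a0) != a0;
}

int main(void)
{
    uint64_t v[] = { SAMPLE_PTR_HI, SAMPLE_PTR_LO };

    for (int i = 0; i < 2; i++)
        printf("ptr %016llx  as s32 %016llx  by type %016llx\n",
               (unsigned long long)v[i],
               (unsigned long long)ret_as_s32(v[i]),
               (unsigned long long)ret_by_type(v[i], 8, 0));
    return 0;
}
```

Either way the upper half of the pointer is lost: with bit 31 set it becomes all ones, with bit 31 clear it becomes zero, and dereferencing the result is what turns the mismatch into a panic.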
Affected Version(s)
Linux 25ad10658dc1068a671553ff10e19a812c2a3783 < 92751937f12a7d34ad492577a251c94a55e97e72
Linux 25ad10658dc1068a671553ff10e19a812c2a3783 < 918a399501e28e0cc36dbd1fcfb4208f8aa1e4d1
Linux 25ad10658dc1068a671553ff10e19a812c2a3783