Overflow Vulnerability in ARM SPE within Linux Kernel
CVE-2025-40081

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 28 October 2025

What is CVE-2025-40081?

A vulnerability has been identified in the Linux kernel's support for the ARM Statistical Profiling Extension (ARM SPE) that allows an overflow when handling large auxiliary (AUX) buffer sizes, specifically those of 2 GiB or more. The issue arises in the function handling the buffer size, where the page count needs to be cast to an unsigned long to prevent overflow. If exploited, this vulnerability could lead to stability issues or potentially allow unintended behavior in kernel performance monitoring tools.
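The following added example (not the kernel's code) models the arithmetic described above: an `int` page count converted to a byte size at 32-bit width versus after widening. The function names, the 4 KiB page size, and the use of `uint64_t` as a stand-in for a 64-bit `unsigned long` are assumptions, and the narrow path models two's-complement wraparound rather than relying on signed overflow.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12 /* assumption: 4 KiB pages */

/* Hypothetical: byte size as seen when an int page count is shifted at
 * 32-bit width and the int result is then used in 64-bit arithmetic.
 * The uint32_t shift models the wrap; the int32_t step models sign extension. */
static uint64_t wrap_size_int(int nr_pages)
{
    uint32_t narrow = (uint32_t)nr_pages << PAGE_SHIFT;
    return (uint64_t)(int64_t)(int32_t)narrow;
}

/* Hypothetical: the same size with the page count widened before the shift. */
static uint64_t wrap_size_ulong(int nr_pages)
{
    return (uint64_t)nr_pages << PAGE_SHIFT;
}

/* Map a free-running index into the buffer; -1 flags a zero-sized modulus,
 * which would be a division by zero if used unchecked. */
static int64_t idx_to_off(uint64_t idx, uint64_t size)
{
    return size == 0 ? -1 : (int64_t)(idx % size);
}

int main(void)
{
    /* Constructed sample sizes: 1 GiB, 2 GiB and 4 GiB worth of 4 KiB pages. */
    const int pages[] = { 262144, 524288, 1048576 };
    const uint64_t idx = 0x80000010ULL; /* constructed index just past 2 GiB */

    for (size_t i = 0; i < sizeof(pages) / sizeof(pages[0]); i++) {
        uint64_t n = wrap_size_int(pages[i]);
        uint64_t w = wrap_size_ulong(pages[i]);
        printf("nr_pages=%d narrow=0x%" PRIx64 " wide=0x%" PRIx64
               " off_narrow=%" PRId64 " off_wide=%" PRId64 "\n",
               pages[i], n, w, idx_to_off(idx, n), idx_to_off(idx, w));
    }
    return 0;
}
```

At 1 GiB both paths agree; at 2 GiB the narrow size no longer bounds the offset to the buffer, and at 4 GiB it collapses to zero.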

Affected Version(s)

Linux d5d9696b03808bc6be723cc85288c912c3a05606 < 656e9a5d69acdd1b20462f4a33378b90ddcb9626

Linux d5d9696b03808bc6be723cc85288c912c3a05606 < 9c045d4501f7f70724a3bbb561f4f22d292bbfe6

Linux d5d9696b03808bc6be723cc85288c912c3a05606 < 5d01f2b81568289443d22f1e13a363f829de6343
