Userspace-Supplied XDP Descriptor Validation Flaw in Linux Kernel
CVE-2025-40159

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 12 November 2025

What is CVE-2025-40159?

A vulnerability has been identified in the Linux kernel's handling of userspace-supplied XDP descriptors. Certain invalid values can pass the validation process, potentially leading to undefined behavior or to invalid frames being queued for transmission. Specifically, an overly large descriptor length, or an address that goes negative through integer overflow, can bypass the validation checks. Legitimate applications using XSK are unlikely to encounter these issues, but attackers may exploit the flaw to disrupt normal operations. The kernel has been updated to harden descriptor validation, preventing such overflows by promoting the descriptor length before it is checked and by validating addresses carefully.
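The class of bug described above, shown as an added example in a simplified model (this is not the kernel's code): a validator whose arithmetic wraps, beside a hardened form that widens the length first and rejects overflowing address arithmetic. The struct layouts, the `meta_len` prefix, `area_size` and the sample values are assumptions made for illustration; the GCC/Clang overflow builtins stand in for checked arithmetic.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model; field names are hypothetical, not the kernel's. */
struct desc { uint64_t addr; uint32_t len; };           /* set by userspace */
struct pool { uint64_t area_size; uint32_t meta_len; }; /* set by the kernel side */

/* Weak form: both computations wrap silently, so the final comparison is
 * made on values that no longer describe the real frame. */
bool validate_weak(const struct pool *p, const struct desc *d)
{
    uint32_t len = d->len + p->meta_len;    /* wraps when len is near 2^32 - 1 */
    uint64_t start = d->addr - p->meta_len; /* wraps when addr < meta_len */
    if (d->len == 0)
        return false;
    return start + len <= p->area_size;     /* this sum can wrap as well */
}

/* Hardened form: widen the length before adding, and reject any address
 * computation that overflows instead of using its wrapped result. */
bool validate_hardened(const struct pool *p, const struct desc *d)
{
    uint64_t len = (uint64_t)d->len + p->meta_len; /* cannot wrap in 64 bits */
    uint64_t start, end;
    if (d->len == 0)
        return false;
    if (__builtin_sub_overflow(d->addr, (uint64_t)p->meta_len, &start))
        return false;                       /* frame would start before the area */
    if (__builtin_add_overflow(start, len, &end))
        return false;
    return end <= p->area_size;
}

/* Constructed sample inputs: 64 KiB area, 8-byte metadata prefix. */
static const struct pool sample_pool = { 65536, 8 };
static const struct desc ok_desc   = { 4096, 1500 };       /* ordinary frame */
static const struct desc huge_len  = { 8, 0xFFFFFFFFu };   /* length near 2^32 - 1 */
static const struct desc low_addr  = { 0, 64 };            /* addr below meta_len */

int main(void)
{
    const struct desc *cases[] = { &ok_desc, &huge_len, &low_addr };
    for (int i = 0; i < 3; i++)
        printf("case %d: weak=%d hardened=%d\n", i,
               validate_weak(&sample_pool, cases[i]),
               validate_hardened(&sample_pool, cases[i]));
    return 0;
}
```

Both invalid descriptors are accepted by the weak form and rejected by the hardened one, while the ordinary frame passes both.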

Affected Version(s)

Linux 341ac980eab90ac1f6c22ee9f9da83ed9604d899 < 1463cd066f32efd56ddfd3ac4e3524200f362980

Linux 341ac980eab90ac1f6c22ee9f9da83ed9604d899 < 5b5fffa7c81e55d8c8edf05ad40d811ec7047e21

Linux 341ac980eab90ac1f6c22ee9f9da83ed9604d899 < 07ca98f906a403637fc5e513a872a50ef1247f3b
