Input Validation Flaw in Linux Kernel Affects Multiple Distributions
CVE-2025-40193

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-40193?

A flaw in the Linux kernel allows a malicious user to supply arbitrary input to the memdup_user_nul() function without adequate validation, potentially leading to a kernel crash. This vulnerability is similar in nature to another security issue addressed in the kernel, where bad input could lead to system instability. The patch enhances user input checks in the affected area, providing better protection against such exploit attempts.

Affected Version(s)

Linux b6c7e873daf765e41233b9752083b66442703b7a

Linux b6c7e873daf765e41233b9752083b66442703b7a < 151bd88859474cdaccc1e4c8b21fbf72dbba2ab4

Linux b6c7e873daf765e41233b9752083b66442703b7a

References

https://git.kernel.org/stable/c/f40405ccfb87b71175f2d5d00...

https://git.kernel.org/stable/c/151bd88859474cdaccc1e4c8b...

https://git.kernel.org/stable/c/d381de7fd4cdc928ede96987d...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Apr 16, 2025

JSON