Linux Kernel Vulnerability in IPMI Messaging Handling by Linux Foundation
CVE-2025-40202
Currently unrated
What is CVE-2025-40202?
A vulnerability in the Linux kernel's IPMI implementation concerns the handling of user message limits. The flaw involved improper counting of user messages and a potential use-after-free condition. As a result, the system could become unstable or expose sensitive information. The fix restructures the message allocation routine to make this process safer and clearer, ensuring accurate reference counting and message limit enforcement.
Affected Version(s)
Linux 8e76741c3d8b20dfa2d6c30fa10ff927cfd93d82
Linux 8e76741c3d8b20dfa2d6c30fa10ff927cfd93d82 < 348121b29594d42d1635648fd3ed31dfa25351d5
Linux 8e76741c3d8b20dfa2d6c30fa10ff927cfd93d82 < 53d6e403affbf6df2c859a0ea00ccfc1e72090ca