Linux Kernel Security Flaw in be2net Driver
CVE-2025-40264

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 December 2025

What is CVE-2025-40264?

A vulnerability in the be2net driver of the Linux kernel could result in dereferencing a NULL pointer, potentially causing instability in network packet processing. Specifically, the function be_insert_vlan_in_pkt() was invoked with NULL wrb_params at the be_send_pkt_to_bmc() site, which violates proper parameter handling protocols. The designated fix recommends passing correct parameters from be_xmit() to prevent this issue, addressing a flaw reported in commit bc0c3405abbb that pertains to a specific IPv6 packet anomaly.

Affected Version(s)

Linux 760c295e0e8d982917d004c9095cff61c0cbd803 < 48d59b60dd5d7e4c48c077a2008c9dcd7b59bdfe

Linux 760c295e0e8d982917d004c9095cff61c0cbd803

Linux 760c295e0e8d982917d004c9095cff61c0cbd803 < 1ecd86ec6efddb59a10c927e8e679f183bb9113e

References

https://git.kernel.org/stable/c/48d59b60dd5d7e4c48c077a20...

https://git.kernel.org/stable/c/ce0a3699244aca3acb659f143...

https://git.kernel.org/stable/c/1ecd86ec6efddb59a10c927e8...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 4, 2025
Vulnerability Reserved
Apr 16, 2025

JSON