Out-of-Bounds Access Vulnerability in Linux Kernel Hypervisor for ARM64
CVE-2025-40266

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 December 2025

What is CVE-2025-40266?

A security issue in the Linux kernel's KVM subsystem for ARM64 architecture was identified, where an untrusted offset in the FF-A memory share could lead to out-of-bounds (OOB) access. This could allow a malicious host to manipulate large offset values, potentially leading to unauthorized access or manipulation of memory regions, thus posing a significant security risk. Proper verification of the offset is required to mitigate against such vulnerabilities, ensuring that any values passed to the hypervisor are within acceptable limits to maintain system integrity.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/fc3139d9f4c1fe1c7d5f25f99...

https://git.kernel.org/stable/c/bc1909ef38788f2ee3d8011d7...

https://git.kernel.org/stable/c/f9f1aed6c8a3427900da3121e...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 4, 2025
Vulnerability Reserved
Apr 16, 2025

JSON