Out-of-Bounds Access Vulnerability in Linux Kernel Hypervisor for ARM64
CVE-2025-40266

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
4 December 2025

What is CVE-2025-40266?

A security issue in the Linux kernel's KVM subsystem for ARM64 architecture was identified, where an untrusted offset in the FF-A memory share could lead to out-of-bounds (OOB) access. This could allow a malicious host to manipulate large offset values, potentially leading to unauthorized access or manipulation of memory regions, thus posing a significant security risk. Proper verification of the offset is required to mitigate against such vulnerabilities, ensuring that any values passed to the hypervisor are within acceptable limits to maintain system integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 6211753fdfd05af9e08f54c8d0ba3ee516034878

Linux 6211753fdfd05af9e08f54c8d0ba3ee516034878

Linux 6211753fdfd05af9e08f54c8d0ba3ee516034878

References

https://git.kernel.org/stable/c/fc3139d9f4c1fe1c7d5f25f99...
https://git.kernel.org/stable/c/bc1909ef38788f2ee3d8011d7...
https://git.kernel.org/stable/c/f9f1aed6c8a3427900da3121e...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.