Out-of-Bounds Access Vulnerability in Linux Kernel Affecting VMWGFX Driver
CVE-2025-40277

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
6 December 2025

What is CVE-2025-40277?

A vulnerability in the Linux kernel's VMWGFX driver allows for improper validation of command header size, which is derived from user space input. This can lead to buffer offset calculations that may overflow, resulting in potential out-of-bounds access. Such issues can compromise the stability and security of systems using affected kernel versions, emphasizing the need for timely updates and patches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 8ce75f8ab9044fe11caaaf2b2c82471023212f9f

Linux 8ce75f8ab9044fe11caaaf2b2c82471023212f9f < 54d458b244893e47bda52ec3943fdfbc8d7d068b

Linux 8ce75f8ab9044fe11caaaf2b2c82471023212f9f < 709e5c088f9c99a5cf2c1d1c6ce58f2cca7ab173

References

https://git.kernel.org/stable/c/e58559845021c3bad5e094219...
https://git.kernel.org/stable/c/54d458b244893e47bda52ec39...
https://git.kernel.org/stable/c/709e5c088f9c99a5cf2c1d1c6...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.