Out-of-Bounds Access Vulnerability in Linux Kernel Affecting VMWGFX Driver
CVE-2025-40277
Currently unrated
What is CVE-2025-40277?
The Linux kernel's VMWGFX driver does not properly validate the command header size, which is derived from user space input. Buffer offset calculations that use this size may overflow, resulting in potential out-of-bounds access. Such issues can compromise the stability and security of systems running affected kernel versions, which underlines the need for timely updates and patches.
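The failure mode described above, as an added C example that is not the kernel's or the driver's code: a bounds check that adds a user-supplied header size to an offset in 32-bit arithmetic, next to a form that bounds the size first and compares by subtraction. The struct layout, the `CMD_MAX_BODY` limit and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical command header; not the vmwgfx structures. */
struct cmd_header {
    uint32_t id;
    uint32_t size;              /* body length in bytes, set by user space */
};
#define CMD_MAX_BODY 4096u      /* assumed upper bound for one command body */

/* Weak form: off + header + size is computed in 32 bits, so a very large
 * size wraps around and the result compares as "inside the buffer". */
static int check_cmd_weak(const uint8_t *buf, uint32_t len, uint32_t off)
{
    struct cmd_header h;
    if (len < sizeof(h) || off > len - sizeof(h)) return -1;
    memcpy(&h, buf + off, sizeof(h));
    uint32_t end = off + (uint32_t)sizeof(h) + h.size;   /* may wrap */
    return end <= len ? 0 : -1;
}

/* Hardened form: reject oversized values first, then compare the size with
 * the bytes that remain; the subtraction cannot wrap after the check above. */
static int check_cmd_strict(const uint8_t *buf, uint32_t len, uint32_t off)
{
    struct cmd_header h;
    if (len < sizeof(h) || off > len - sizeof(h)) return -1;
    memcpy(&h, buf + off, sizeof(h));
    if (h.size > CMD_MAX_BODY) return -1;
    uint32_t remaining = len - off - (uint32_t)sizeof(h);
    return h.size <= remaining ? 0 : -1;
}

/* Constructed sample: 64-byte buffer with one header placed at offset 16. */
static int run_sample(uint32_t size_field, int strict)
{
    uint8_t buf[64] = {0};
    struct cmd_header h = { .id = 1, .size = size_field };
    memcpy(buf + 16, &h, sizeof(h));
    return strict ? check_cmd_strict(buf, sizeof(buf), 16)
                  : check_cmd_weak(buf, sizeof(buf), 16);
}

int main(void)
{
    uint32_t sizes[] = { 40u, 41u, 0xFFFFFFF0u };
    for (int i = 0; i < 3; i++)
        printf("size=0x%08x weak=%d strict=%d\n", (unsigned)sizes[i],
               run_sample(sizes[i], 0), run_sample(sizes[i], 1));
    return 0;
}
```

A return value of 0 means the command was accepted; the last sample is accepted only by the weak form.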
Affected Version(s)
Linux 8ce75f8ab9044fe11caaaf2b2c82471023212f9f
Linux 8ce75f8ab9044fe11caaaf2b2c82471023212f9f < 54d458b244893e47bda52ec3943fdfbc8d7d068b
Linux 8ce75f8ab9044fe11caaaf2b2c82471023212f9f < 709e5c088f9c99a5cf2c1d1c6ce58f2cca7ab173