Information Leak in Linux Kernel's Networking Stack
CVE-2025-40278

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 December 2025

What is CVE-2025-40278?

A vulnerability in the Linux Kernel's networking stack involved a kernel information leak due to uninitialized padding bytes in a data structure. The variable used in the netlink message was only partially initialized, leading to the potential exposure of sensitive kernel memory data to userspace. This issue has been identified and addressed by ensuring that all members, including padding bytes of the structure, are completely zeroed before further processing. The fix has passed validation to prevent such information leaks in the future.

Affected Version(s)

Linux ef6980b6becb1afd9d82a4f043749a10ae81bf14 < 918e063304f945fb93be9bb70cacea07d0b730ea

Linux ef6980b6becb1afd9d82a4f043749a10ae81bf14 < 5e3644ef147bf7140259dfa4cace680c9b26fe8b

Linux ef6980b6becb1afd9d82a4f043749a10ae81bf14 < 37f0680887c5aeba9a433fe04b35169010568bb1

References

https://git.kernel.org/stable/c/918e063304f945fb93be9bb70...

https://git.kernel.org/stable/c/5e3644ef147bf7140259dfa4c...

https://git.kernel.org/stable/c/37f0680887c5aeba9a433fe04...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2025
Vulnerability Reserved
Apr 16, 2025

JSON