Kernel Memory Leak Vulnerability in Linux Kernel by Vendor
CVE-2025-40279

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 December 2025

What is CVE-2025-40279?

The Linux Kernel vulnerability involves a memory leak in the networking component, specifically within the tcf_connmark_dump() function. The variable 'opt' was only partially initialized, which resulted in uninitialized padding bytes being leaked to userspace during netlink message copying. This flaw underscores the need for proper initialization practices, such as using memset, to ensure that all members and padding in a structure are cleared before usage, thereby preventing potential data exposure to unauthorized users.

Affected Version(s)

Linux 22a5dc0e5e3e8fef804230cd73ed7b0afd4c7bae < 218b67c8c8246d47a2a7910eae80abe4861fe2b7

Linux 22a5dc0e5e3e8fef804230cd73ed7b0afd4c7bae < 73cc56c608c209d3d666cc571293b090a471da70

Linux 22a5dc0e5e3e8fef804230cd73ed7b0afd4c7bae < 31e4aa93e2e5b5647fc235b0f6ee329646878f9e

References

https://git.kernel.org/stable/c/218b67c8c8246d47a2a7910ea...

https://git.kernel.org/stable/c/73cc56c608c209d3d666cc571...

https://git.kernel.org/stable/c/31e4aa93e2e5b5647fc235b0f...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2025
Vulnerability Reserved
Apr 16, 2025

JSON