CVE-2025-40193
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/11/2025
Last modified:
12/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
xtensa: simdisk: add input size check in proc_write_simdisk<br />
<br />
A malicious user could pass an arbitrarily bad value<br />
to memdup_user_nul(), potentially causing kernel crash.<br />
<br />
This follows the same pattern as commit ee76746387f6<br />
("netdevsim: prevent bad user input in nsim_dev_health_break_write()")
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/151bd88859474cdaccc1e4c8b21fbf72dbba2ab4
- https://git.kernel.org/stable/c/5d5f08fd0cd970184376bee07d59f635c8403f63
- https://git.kernel.org/stable/c/a0c2c36d864ef3676b05cfd8c58b72ee3214cb1a
- https://git.kernel.org/stable/c/d381de7fd4cdc928ede96987dc64b133e6480dd6
- https://git.kernel.org/stable/c/f40405ccfb87b71175f2d5d004c0b8a0aebcc2cf