CVE-2025-40236

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

04/12/2025

Last modified:

04/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved: virtio-net: zero unused hash fields When GSO tunnel is negotiated virtio_net_hdr_tnl_from_skb() tries to initialize the tunnel metadata but forget to zero unused rxhash fields. This may leak information to another side. Fixing this by zeroing the unused hash fields.

Impact

References to Advisories, Solutions, and Tools

https://git.kernel.org/stable/c/b2284768c6b32aa224ca7d0ef0741beb434f03aa
https://git.kernel.org/stable/c/b625d231c66a6041e98817ffc944bf6e4c45b2e3