CVE-2025-40266
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/12/2025
Last modified:
04/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
KVM: arm64: Check the untrusted offset in FF-A memory share<br />
<br />
Verify the offset to prevent OOB access in the hypervisor<br />
FF-A buffer in case an untrusted large enough value<br />
[U32_MAX - sizeof(struct ffa_composite_mem_region) + 1, U32_MAX]<br />
is set from the host kernel.