CVE-2025-40337

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 09/12/2025
Last modified: 09/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net: stmmac: Correctly handle Rx checksum offload errors

The stmmac_rx function would previously set skb->ip_summed to CHECKSUM_UNNECESSARY if hardware checksum offload (CoE) was enabled and the packet was of a known IP ethertype.

However, this logic failed to check if the hardware had actually reported a checksum error. The hardware status, indicating a header or payload checksum failure, was being ignored at this stage. This could cause corrupt packets to be passed up the network stack as valid.

This patch corrects the logic by checking the `csum_none` status flag, which is set when the hardware reports a checksum error. If this flag is set, skb->ip_summed is now correctly set to CHECKSUM_NONE, ensuring the kernel's network stack will perform its own validation and properly handle the corrupt packet.
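The pre-fix and post-fix driver logic described above, modelled as an added C example that is not the stmmac driver's own code: the constants, the `rx_status`/`skb` structs and the `deliver()` harness are a minimal stand-in for the kernel's, and the IPv4 headers are constructed sample input (one valid, one with a corrupted TTL byte, as a link error would leave it).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Minimal stand-in for the kernel fields involved; not the kernel's own headers. */
#define CHECKSUM_NONE        0
#define CHECKSUM_UNNECESSARY 1
#define ETH_P_IP             0x0800
struct rx_status { bool csum_none; };  /* set when the hardware reports a checksum error */
struct skb { int ip_summed; uint16_t protocol; const uint8_t *data; size_t len; };

/* Pre-fix logic: trusts CoE for any IP frame and never consults the error flag. */
static void rx_csum_before(struct skb *skb, const struct rx_status *st, bool coe)
{
    (void)st;
    skb->ip_summed = (coe && skb->protocol == ETH_P_IP) ? CHECKSUM_UNNECESSARY : CHECKSUM_NONE;
}

/* Post-fix logic: a hardware-reported error forces CHECKSUM_NONE so the stack re-validates. */
static void rx_csum_after(struct skb *skb, const struct rx_status *st, bool coe)
{
    skb->ip_summed = (coe && skb->protocol == ETH_P_IP && !st->csum_none)
                     ? CHECKSUM_UNNECESSARY : CHECKSUM_NONE;
}

/* RFC 1071 one's-complement sum over the IPv4 header; a valid header sums to 0xffff. */
static uint16_t ip_csum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += (uint32_t)((p[i] << 8) | p[i + 1]);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);  /* fold carries back in */
    return (uint16_t)sum;
}

/* Models the stack: CHECKSUM_UNNECESSARY is trusted as-is, CHECKSUM_NONE is verified in software. */
static bool stack_accepts(const struct skb *skb)
{
    return skb->ip_summed == CHECKSUM_UNNECESSARY || ip_csum(skb->data, skb->len) == 0xffff;
}

/* Constructed 20-byte IPv4 header with a correct checksum (0xf995), and a copy whose TTL byte is corrupted. */
static const uint8_t good_hdr[20] = { 0x45,0x00,0x00,0x14, 0x00,0x01,0x00,0x00, 0x40,0x00,0xf9,0x95,
                                      0xc0,0xa8,0x00,0x01, 0xc0,0xa8,0x00,0x02 };
static const uint8_t bad_hdr[20]  = { 0x45,0x00,0x00,0x14, 0x00,0x01,0x00,0x00, 0x3f,0x00,0xf9,0x95,
                                      0xc0,0xa8,0x00,0x01, 0xc0,0xa8,0x00,0x02 };

/* Runs one frame through the chosen driver logic with CoE enabled; returns whether the stack accepts it. */
static bool deliver(bool fixed, const uint8_t *hdr, bool hw_reported_error)
{
    struct rx_status st = { .csum_none = hw_reported_error };
    struct skb skb = { CHECKSUM_NONE, ETH_P_IP, hdr, 20 };
    if (fixed) rx_csum_after(&skb, &st, true); else rx_csum_before(&skb, &st, true);
    return stack_accepts(&skb);
}
```

With the pre-fix logic the corrupted header is accepted even though the hardware flagged it; with the fix it is marked CHECKSUM_NONE and the software checksum rejects it, while frames the hardware did not flag are still accepted without re-validation.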

Impact