Instituto Nacional de Ciberseguridad. INCIBE section
Instituto Nacional de Ciberseguridad. INCIBE-CERT section

CVE-2025-40159

Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
12/11/2025
Last modified:
12/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

xsk: Harden userspace-supplied xdp_desc validation

Turned out certain clearly invalid values passed in xdp_desc from userspace can pass xp_{,un}aligned_validate_desc() and then lead to UBs or just invalid frames to be queued for xmit.

desc->len close to ``U32_MAX`` with a non-zero pool->tx_metadata_len can cause positive integer overflow and wraparound, the same way low enough desc->addr with a non-zero pool->tx_metadata_len can cause negative integer overflow. Both scenarios can then pass the validation successfully.
This doesn't happen with valid XSk applications, but can be used to perform attacks.

Always promote desc->len to ``u64`` first to exclude positive overflows of it. Use explicit check_{add,sub}_overflow() when validating desc->addr (which is ``u64`` already).

bloat-o-meter reports a little growth of the code size:

add/remove: 0/0 grow/shrink: 2/1 up/down: 60/-16 (44)
Function                           old    new   delta
xskq_cons_peek_desc                299    330     +31
xsk_tx_peek_release_desc_batch     973   1002     +29
xsk_generic_xmit                  3148   3132     -16

but hopefully this doesn't hurt the performance much.
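The desc->len wraparound described above, as an added userspace example that is not the kernel's code: a length check done in 32-bit arithmetic beside a form that widens to 64 bits first and checks the subtraction explicitly. The struct layouts, the function names validate_weak/validate_hardened, the chunk-bounds check and all sample values are assumptions made for illustration; __builtin_sub_overflow (GCC/Clang) stands in for the kernel's check_sub_overflow().

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model: field names follow the commit message; struct layout
 * and the chunk-bounds check are assumptions, not kernel source. */
struct pool { uint32_t chunk_size; uint32_t tx_metadata_len; uint64_t addrs_cnt; };
struct desc { uint64_t addr; uint32_t len; };

/* Unhardened arithmetic: the u32 + u32 sum wraps before it is widened. */
static bool validate_weak(const struct pool *p, const struct desc *d)
{
    uint64_t addr = d->addr - p->tx_metadata_len;   /* can wrap below zero */
    uint64_t len = d->len + p->tx_metadata_len;     /* 32-bit add, can wrap */
    uint64_t offset = addr & (p->chunk_size - 1);
    if (!d->len)
        return false;
    if (offset + len > p->chunk_size)
        return false;
    return addr < p->addrs_cnt;
}

/* Hardened: widen len to 64 bits first, check the subtraction explicitly.
 * __builtin_sub_overflow (GCC/Clang) stands in for check_sub_overflow(). */
static bool validate_hardened(const struct pool *p, const struct desc *d)
{
    uint64_t len = d->len;
    uint64_t addr, offset;
    if (!len)
        return false;
    if (__builtin_sub_overflow(d->addr, p->tx_metadata_len, &addr))
        return false;
    offset = addr & (p->chunk_size - 1);
    if (offset + len + p->tx_metadata_len > p->chunk_size)
        return false;
    return addr < p->addrs_cnt;
}

/* Constructed sample values: 4 KiB chunks, 32 bytes of TX metadata. */
const struct pool sample_pool = { 0x1000, 0x20, 0x10000 };
const struct desc valid_desc = { 0x1020, 0x100 };
const struct desc huge_len_desc = { 0x1020, 0xFFFFFFF0u }; /* len near U32_MAX */
const struct desc low_addr_desc = { 0x10, 0x100 };   /* addr < metadata len */

int main(void)
{
    printf("huge len: weak=%d hardened=%d\n",
           validate_weak(&sample_pool, &huge_len_desc),
           validate_hardened(&sample_pool, &huge_len_desc));
    return 0;
}
```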

Impact