CVE-2025-40053

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: dlink: handle copy_thresh allocation failure

The driver did not handle failure of netdev_alloc_skb_ip_align(). If the allocation failed, dereferencing skb->protocol could lead to a NULL pointer dereference.

This patch tries to allocate skb. If the allocation fails, it falls back to the normal path.

Tested-on: D-Link DGE-550T Rev-A3

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 84fd710a704f3d53d4120e452e86cea558cf73a8affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5aa9b885602811a026a3f45c92ea2b4b04c54f09affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9d49e4b14609e1a20d931e718962c4b6b5485174affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < ea87151df398d407a632c7bf63013290f01c5009affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7ed5010fef0930f4322d620052edc854ef3ec41faffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < fd7b6b2c920d7fd370a612be416a904d6e1ebe55affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8169a6011c5fecc6cb1c3654c541c567d3318de8affected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux5.10.246 <= 5.10.*unaffected
LinuxLinux5.15.195 <= 5.15.*unaffected
LinuxLinux6.1.156 <= 6.1.*unaffected
LinuxLinux6.6.112 <= 6.6.*unaffected
LinuxLinux6.12.53 <= 6.12.*unaffected
LinuxLinux6.17.3 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References