CVE-2025-40240

Summary

In the Linux kernel, the following vulnerability has been resolved:

sctp: avoid NULL dereference when chunk data buffer is missing

chunk->skb pointer is dereferenced in the if-block where it's supposed to be NULL only.

chunk->skb can only be NULL if chunk->head_skb is not. Check for frag_list instead and do it just before replacing chunk->skb. We're sure that otherwise chunk->skb is non-NULL because of outer if() condition.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux90017accff61ae89283ad9a51f9ac46ca01633fb < 61cda2777b07d27459f5cac5a047c3edf9c8a1a9affected
LinuxLinux90017accff61ae89283ad9a51f9ac46ca01633fb < 08165c296597075763130919f2aae59b5822f016affected
LinuxLinux90017accff61ae89283ad9a51f9ac46ca01633fb < 03e80a4b04ef1fb2c61dd63216ab8d3a5dcb196faffected
LinuxLinux90017accff61ae89283ad9a51f9ac46ca01633fb < 4f6da435fb5d8a21cbf8cae5ca5a2ba0e1012b71affected
LinuxLinux90017accff61ae89283ad9a51f9ac46ca01633fb < cb9055ba30306ede4ad920002233d0659982f1cbaffected
LinuxLinux90017accff61ae89283ad9a51f9ac46ca01633fb < 7a832b0f99be19df608cb75c023f8027b1789bd1affected
LinuxLinux90017accff61ae89283ad9a51f9ac46ca01633fb < 89b465b54227c245ddc7cc9ed822231af21123efaffected
LinuxLinux90017accff61ae89283ad9a51f9ac46ca01633fb < 441f0647f7673e0e64d4910ef61a5fb8f16bfb82affected
LinuxLinux4.8affected
LinuxLinux0 < 4.8unaffected
LinuxLinux5.4.301 <= 5.4.*unaffected
LinuxLinux5.10.246 <= 5.10.*unaffected
LinuxLinux5.15.196 <= 5.15.*unaffected
LinuxLinux6.1.158 <= 6.1.*unaffected
LinuxLinux6.6.115 <= 6.6.*unaffected
LinuxLinux6.12.56 <= 6.12.*unaffected
LinuxLinux6.17.6 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References