SB2025120463 - NULL pointer dereference in Linux kernel emulex benet driver
Published: December 4, 2025
Security Bulletin ID
SB2025120463
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-40264)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the be_xmit_flush(), be_send_pkt_to_bmc() and be_xmit() functions in drivers/net/ethernet/emulex/benet/be_main.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1ecd86ec6efddb59a10c927e8e679f183bb9113e
- https://git.kernel.org/stable/c/48d59b60dd5d7e4c48c077a2008c9dcd7b59bdfe
- https://git.kernel.org/stable/c/4c4741f6e7f2fa4e1486cb61e1c15b9236ec134d
- https://git.kernel.org/stable/c/7d277a7a58578dd62fd546ddaef459ec24ccae36
- https://git.kernel.org/stable/c/ce0a3699244aca3acb659f143c9cb1327b210f89