#VU119178 NULL pointer dereference in Linux kernel - CVE-2025-40240
Published: December 4, 2025
Vulnerability identifier: #VU119178
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-40240
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sctp_inq_pop() function in net/sctp/inqueue.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/03e80a4b04ef1fb2c61dd63216ab8d3a5dcb196f
- https://git.kernel.org/stable/c/08165c296597075763130919f2aae59b5822f016
- https://git.kernel.org/stable/c/441f0647f7673e0e64d4910ef61a5fb8f16bfb82
- https://git.kernel.org/stable/c/4f6da435fb5d8a21cbf8cae5ca5a2ba0e1012b71
- https://git.kernel.org/stable/c/61cda2777b07d27459f5cac5a047c3edf9c8a1a9
- https://git.kernel.org/stable/c/7a832b0f99be19df608cb75c023f8027b1789bd1
- https://git.kernel.org/stable/c/89b465b54227c245ddc7cc9ed822231af21123ef
- https://git.kernel.org/stable/c/cb9055ba30306ede4ad920002233d0659982f1cb