#VU119324 Out-of-bounds read in Linux kernel - CVE-2025-40281
Published: December 8, 2025
Vulnerability identifier: #VU119324
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-40281
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read within the sctp_transport_update_rto() function in net/sctp/transport.c. A local user can trigger the out-of-bounds read to cause a denial of service (DoS).
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/0e0413e3315199b23ff4aec295e256034cd0a6e4
- https://git.kernel.org/stable/c/1534ff77757e44bcc4b98d0196bc5c0052fce5fa
- https://git.kernel.org/stable/c/1cfa4eac275cc4875755c1303d48a4ddfe507ca8
- https://git.kernel.org/stable/c/834e65be429c0fa4f9bb5945064bd57f18ed2187
- https://git.kernel.org/stable/c/aaba523dd7b6106526c24b1fd9b5fc35e5aaa88d
- https://git.kernel.org/stable/c/abb086b9a95d0ed3b757ee59964ba3c4e4b2fc1a
- https://git.kernel.org/stable/c/d0d858652834dcf531342c82a0428170aa7c2675
- https://git.kernel.org/stable/c/ed71f801249d2350c77a73dca2c03918a15a62fe