Main Vulnerability Database Vulnerabilities #VU118490

#VU118490 Input validation error in Linux kernel - CVE-2025-40206

Published: November 13, 2025

Vulnerability identifier: #VU118490

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-40206

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nft_objref_eval() and nft_objref_map_destroy() functions in net/netfilter/nft_objref.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's repository.

External links

https://git.kernel.org/stable/c/0028e0134c64d9ed21728341a74fcfc59cd0f944
https://git.kernel.org/stable/c/4c1cf72ec10be5a9ad264650cadffa1fbce6fabd
https://git.kernel.org/stable/c/7ea55a44493a5a36c3b3293b88bbe4841f9dbaf0
https://git.kernel.org/stable/c/f359b809d54c6e3dd1d039b97e0b68390b0e53e4

#VU118490 Input validation error in Linux kernel - CVE-2025-40206

Description

Remediation

External links

Please verify you're human