Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-40202 (GCVE-0-2025-40202)
Vulnerability from cvelistv5 – Published: 2025-11-12 21:56 – Updated: 2025-12-01 06:20
VLAI?
EPSS
Title
ipmi: Rework user message limit handling
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipmi: Rework user message limit handling
The limit on the number of user messages had a number of issues,
improper counting in some cases and a use after free.
Restructure how this is all done to handle more in the receive message
allocation routine, so all refcouting and user message limit counts
are done in that routine. It's a lot cleaner and safer.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
8e76741c3d8b20dfa2d6c30fa10ff927cfd93d82 , < f63723ca7d7623f9dae1990973cd158671f03c56
(git)
Affected: 8e76741c3d8b20dfa2d6c30fa10ff927cfd93d82 , < 348121b29594d42d1635648fd3ed31dfa25351d5 (git) Affected: 8e76741c3d8b20dfa2d6c30fa10ff927cfd93d82 , < 53d6e403affbf6df2c859a0ea00ccfc1e72090ca (git) Affected: 8e76741c3d8b20dfa2d6c30fa10ff927cfd93d82 , < 0ed73be9a2547ffb9b5c1d879ad9bfab73d920b5 (git) Affected: 8e76741c3d8b20dfa2d6c30fa10ff927cfd93d82 , < b52da4054ee0bf9ecb44996f2c83236ff50b3812 (git) |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/char/ipmi/ipmi_msghandler.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f63723ca7d7623f9dae1990973cd158671f03c56",
"status": "affected",
"version": "8e76741c3d8b20dfa2d6c30fa10ff927cfd93d82",
"versionType": "git"
},
{
"lessThan": "348121b29594d42d1635648fd3ed31dfa25351d5",
"status": "affected",
"version": "8e76741c3d8b20dfa2d6c30fa10ff927cfd93d82",
"versionType": "git"
},
{
"lessThan": "53d6e403affbf6df2c859a0ea00ccfc1e72090ca",
"status": "affected",
"version": "8e76741c3d8b20dfa2d6c30fa10ff927cfd93d82",
"versionType": "git"
},
{
"lessThan": "0ed73be9a2547ffb9b5c1d879ad9bfab73d920b5",
"status": "affected",
"version": "8e76741c3d8b20dfa2d6c30fa10ff927cfd93d82",
"versionType": "git"
},
{
"lessThan": "b52da4054ee0bf9ecb44996f2c83236ff50b3812",
"status": "affected",
"version": "8e76741c3d8b20dfa2d6c30fa10ff927cfd93d82",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/char/ipmi/ipmi_msghandler.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.54",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.157",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.113",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.54",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.4",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18",
"versionStartIncluding": "5.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: Rework user message limit handling\n\nThe limit on the number of user messages had a number of issues,\nimproper counting in some cases and a use after free.\n\nRestructure how this is all done to handle more in the receive message\nallocation routine, so all refcouting and user message limit counts\nare done in that routine. It\u0027s a lot cleaner and safer."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T06:20:05.043Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f63723ca7d7623f9dae1990973cd158671f03c56"
},
{
"url": "https://git.kernel.org/stable/c/348121b29594d42d1635648fd3ed31dfa25351d5"
},
{
"url": "https://git.kernel.org/stable/c/53d6e403affbf6df2c859a0ea00ccfc1e72090ca"
},
{
"url": "https://git.kernel.org/stable/c/0ed73be9a2547ffb9b5c1d879ad9bfab73d920b5"
},
{
"url": "https://git.kernel.org/stable/c/b52da4054ee0bf9ecb44996f2c83236ff50b3812"
}
],
"title": "ipmi: Rework user message limit handling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-40202",
"datePublished": "2025-11-12T21:56:34.527Z",
"dateReserved": "2025-04-16T07:20:57.179Z",
"dateUpdated": "2025-12-01T06:20:05.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-40202\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-11-12T22:15:47.403\",\"lastModified\":\"2025-11-14T16:42:30.503\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nipmi: Rework user message limit handling\\n\\nThe limit on the number of user messages had a number of issues,\\nimproper counting in some cases and a use after free.\\n\\nRestructure how this is all done to handle more in the receive message\\nallocation routine, so all refcouting and user message limit counts\\nare done in that routine. It\u0027s a lot cleaner and safer.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0ed73be9a2547ffb9b5c1d879ad9bfab73d920b5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/348121b29594d42d1635648fd3ed31dfa25351d5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/53d6e403affbf6df2c859a0ea00ccfc1e72090ca\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b52da4054ee0bf9ecb44996f2c83236ff50b3812\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f63723ca7d7623f9dae1990973cd158671f03c56\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
CERTFR-2026-AVI-0059
Vulnerability from certfr_avis - Published: 2026-01-16 - Updated: 2026-01-16
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | N/A | SUSE Linux Micro Extras 6.0 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.5 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 16.0 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP4 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.4 | ||
| SUSE | SUSE Linux Enterprise High Availability Extension | SUSE Linux Enterprise Server High Availability Extension 16.0 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | N/A | SUSE Linux Micro Extras 6.2 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 16.0 | ||
| SUSE | SUSE Linux Micro | SUSE Linux Micro 6.2 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP4 | ||
| SUSE | SUSE Linux Micro | SUSE Linux Micro 6.1 | ||
| SUSE | SUSE Linux Micro | SUSE Linux Micro 6.0 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP4 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro Extras 6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server High Availability Extension 16.0",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro Extras 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-40166",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40166"
},
{
"name": "CVE-2025-40064",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40064"
},
{
"name": "CVE-2025-40156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40156"
},
{
"name": "CVE-2025-40055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40055"
},
{
"name": "CVE-2025-40048",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40048"
},
{
"name": "CVE-2025-40081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40081"
},
{
"name": "CVE-2025-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40153"
},
{
"name": "CVE-2025-40121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40121"
},
{
"name": "CVE-2025-40204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40204"
},
{
"name": "CVE-2025-40171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40171"
},
{
"name": "CVE-2025-40139",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40139"
},
{
"name": "CVE-2025-40187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40187"
},
{
"name": "CVE-2025-40107",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40107"
},
{
"name": "CVE-2025-40115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40115"
},
{
"name": "CVE-2025-40198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40198"
},
{
"name": "CVE-2025-40173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40173"
},
{
"name": "CVE-2025-39944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39944"
},
{
"name": "CVE-2025-40202",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40202"
},
{
"name": "CVE-2025-39990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39990"
},
{
"name": "CVE-2025-40194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40194"
},
{
"name": "CVE-2025-40001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40001"
},
{
"name": "CVE-2025-39859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39859"
},
{
"name": "CVE-2025-40172",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40172"
},
{
"name": "CVE-2025-40188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40188"
},
{
"name": "CVE-2025-40186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40186"
},
{
"name": "CVE-2025-40086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40086"
},
{
"name": "CVE-2025-40169",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40169"
},
{
"name": "CVE-2025-40024",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40024"
},
{
"name": "CVE-2025-40070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40070"
},
{
"name": "CVE-2025-40047",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40047"
},
{
"name": "CVE-2025-40205",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40205"
},
{
"name": "CVE-2025-40033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40033"
},
{
"name": "CVE-2022-50253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50253"
},
{
"name": "CVE-2025-40075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40075"
},
{
"name": "CVE-2025-40027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
},
{
"name": "CVE-2025-40206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40206"
},
{
"name": "CVE-2025-39788",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39788"
},
{
"name": "CVE-2025-40197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40197"
},
{
"name": "CVE-2025-40109",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40109"
},
{
"name": "CVE-2025-40101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40101"
},
{
"name": "CVE-2025-40006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40006"
},
{
"name": "CVE-2025-40038",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40038"
},
{
"name": "CVE-2025-39805",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39805"
},
{
"name": "CVE-2025-40176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40176"
},
{
"name": "CVE-2025-40201",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40201"
},
{
"name": "CVE-2025-40183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40183"
},
{
"name": "CVE-2025-40134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40134"
},
{
"name": "CVE-2023-53574",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53574"
},
{
"name": "CVE-2025-40165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40165"
},
{
"name": "CVE-2025-38257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38257"
},
{
"name": "CVE-2025-40161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40161"
},
{
"name": "CVE-2025-37916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37916"
},
{
"name": "CVE-2025-38359",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38359"
},
{
"name": "CVE-2025-40177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40177"
},
{
"name": "CVE-2025-38728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38728"
},
{
"name": "CVE-2025-40074",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40074"
},
{
"name": "CVE-2025-40116",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40116"
},
{
"name": "CVE-2025-40158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40158"
},
{
"name": "CVE-2025-40127",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40127"
},
{
"name": "CVE-2025-40168",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40168"
},
{
"name": "CVE-2025-40053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40053"
},
{
"name": "CVE-2025-38085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38085"
},
{
"name": "CVE-2025-40120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40120"
},
{
"name": "CVE-2025-40185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40185"
},
{
"name": "CVE-2025-40098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40098"
},
{
"name": "CVE-2025-40196",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40196"
},
{
"name": "CVE-2025-40129",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40129"
},
{
"name": "CVE-2025-40040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40040"
},
{
"name": "CVE-2025-40207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40207"
},
{
"name": "CVE-2025-40118",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40118"
},
{
"name": "CVE-2025-40157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40157"
},
{
"name": "CVE-2025-40021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40021"
},
{
"name": "CVE-2025-40135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40135"
},
{
"name": "CVE-2025-40105",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40105"
},
{
"name": "CVE-2025-40083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40083"
},
{
"name": "CVE-2025-40154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40154"
},
{
"name": "CVE-2025-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40149"
},
{
"name": "CVE-2025-40164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40164"
},
{
"name": "CVE-2025-40031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40031"
},
{
"name": "CVE-2025-40180",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40180"
},
{
"name": "CVE-2025-40203",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40203"
},
{
"name": "CVE-2025-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40192"
},
{
"name": "CVE-2025-40200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40200"
},
{
"name": "CVE-2025-40102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40102"
},
{
"name": "CVE-2025-40111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40111"
},
{
"name": "CVE-2025-39961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39961"
},
{
"name": "CVE-2025-40133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40133"
},
{
"name": "CVE-2025-40059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40059"
},
{
"name": "CVE-2025-39897",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39897"
},
{
"name": "CVE-2025-40003",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40003"
},
{
"name": "CVE-2025-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40175"
},
{
"name": "CVE-2023-53676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53676"
},
{
"name": "CVE-2025-40178",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40178"
},
{
"name": "CVE-2025-38321",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38321"
},
{
"name": "CVE-2025-39917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39917"
},
{
"name": "CVE-2025-39831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39831"
},
{
"name": "CVE-2025-39822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39822"
},
{
"name": "CVE-2025-40141",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40141"
},
{
"name": "CVE-2025-40132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40132"
},
{
"name": "CVE-2025-40110",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40110"
},
{
"name": "CVE-2025-40162",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40162"
},
{
"name": "CVE-2025-39980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39980"
},
{
"name": "CVE-2025-38084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38084"
},
{
"name": "CVE-2025-40030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40030"
},
{
"name": "CVE-2025-39819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39819"
},
{
"name": "CVE-2025-40140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40140"
},
{
"name": "CVE-2025-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21710"
},
{
"name": "CVE-2025-40142",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40142"
},
{
"name": "CVE-2025-40159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40159"
},
{
"name": "CVE-2025-38361",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38361"
}
],
"initial_release_date": "2026-01-16T00:00:00",
"last_revision_date": "2026-01-16T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0059",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un contournement de la politique de s\u00e9curit\u00e9 et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2025-12-19",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20015-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620015-1"
},
{
"published_at": "2026-01-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:0090-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260090-1"
},
{
"published_at": "2026-01-07",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20039-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620039-1"
},
{
"published_at": "2026-01-07",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20059-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620059-1"
},
{
"published_at": "2025-12-19",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20012-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620012-1"
},
{
"published_at": "2025-12-19",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:20021-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620021-1"
},
{
"published_at": "2026-01-12",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:0107-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260107-1"
}
]
}
CERTFR-2025-AVI-1048
Vulnerability from certfr_avis - Published: 2025-11-28 - Updated: 2025-11-28
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian LTS bullseye versions ant\u00e9rieures \u00e0 6.1.158-1~deb11u1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-39987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39987"
},
{
"name": "CVE-2025-21861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21861"
},
{
"name": "CVE-2025-40156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40156"
},
{
"name": "CVE-2025-40055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40055"
},
{
"name": "CVE-2025-40029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40029"
},
{
"name": "CVE-2025-40008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40008"
},
{
"name": "CVE-2025-40048",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40048"
},
{
"name": "CVE-2025-40043",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40043"
},
{
"name": "CVE-2025-39973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39973"
},
{
"name": "CVE-2025-39943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39943"
},
{
"name": "CVE-2025-39945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39945"
},
{
"name": "CVE-2025-40100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40100"
},
{
"name": "CVE-2025-40019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40019"
},
{
"name": "CVE-2025-40081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40081"
},
{
"name": "CVE-2025-40026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
},
{
"name": "CVE-2025-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40153"
},
{
"name": "CVE-2025-40103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40103"
},
{
"name": "CVE-2025-40121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40121"
},
{
"name": "CVE-2025-40204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40204"
},
{
"name": "CVE-2025-40171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40171"
},
{
"name": "CVE-2025-40056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40056"
},
{
"name": "CVE-2025-40125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40125"
},
{
"name": "CVE-2025-40187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40187"
},
{
"name": "CVE-2025-40092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40092"
},
{
"name": "CVE-2025-39967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39967"
},
{
"name": "CVE-2025-40107",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40107"
},
{
"name": "CVE-2025-40115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40115"
},
{
"name": "CVE-2025-40198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40198"
},
{
"name": "CVE-2025-39942",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39942"
},
{
"name": "CVE-2025-39929",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39929"
},
{
"name": "CVE-2025-39949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39949"
},
{
"name": "CVE-2025-40173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40173"
},
{
"name": "CVE-2025-40190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40190"
},
{
"name": "CVE-2025-40010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40010"
},
{
"name": "CVE-2025-39944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39944"
},
{
"name": "CVE-2025-40202",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40202"
},
{
"name": "CVE-2025-39953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39953"
},
{
"name": "CVE-2025-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40167"
},
{
"name": "CVE-2025-39969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39969"
},
{
"name": "CVE-2025-40194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40194"
},
{
"name": "CVE-2025-40104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40104"
},
{
"name": "CVE-2025-40001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40001"
},
{
"name": "CVE-2025-40035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40035"
},
{
"name": "CVE-2025-39988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39988"
},
{
"name": "CVE-2025-40020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40020"
},
{
"name": "CVE-2025-40188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40188"
},
{
"name": "CVE-2025-40186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40186"
},
{
"name": "CVE-2025-40013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40013"
},
{
"name": "CVE-2025-40049",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40049"
},
{
"name": "CVE-2025-40070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40070"
},
{
"name": "CVE-2025-40106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40106"
},
{
"name": "CVE-2025-40205",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40205"
},
{
"name": "CVE-2025-39977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39977"
},
{
"name": "CVE-2025-40027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
},
{
"name": "CVE-2025-39970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39970"
},
{
"name": "CVE-2025-40032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40032"
},
{
"name": "CVE-2025-39994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39994"
},
{
"name": "CVE-2025-40088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40088"
},
{
"name": "CVE-2025-40062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40062"
},
{
"name": "CVE-2025-40197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40197"
},
{
"name": "CVE-2025-40109",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40109"
},
{
"name": "CVE-2025-40006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40006"
},
{
"name": "CVE-2025-40011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40011"
},
{
"name": "CVE-2025-40085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40085"
},
{
"name": "CVE-2025-40176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40176"
},
{
"name": "CVE-2025-40193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40193"
},
{
"name": "CVE-2025-40201",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40201"
},
{
"name": "CVE-2025-40084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40084"
},
{
"name": "CVE-2025-40183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40183"
},
{
"name": "CVE-2025-39998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39998"
},
{
"name": "CVE-2025-40134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40134"
},
{
"name": "CVE-2025-39968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39968"
},
{
"name": "CVE-2025-39986",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39986"
},
{
"name": "CVE-2025-39955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39955"
},
{
"name": "CVE-2025-40078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40078"
},
{
"name": "CVE-2025-40116",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40116"
},
{
"name": "CVE-2025-39934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39934"
},
{
"name": "CVE-2025-39978",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39978"
},
{
"name": "CVE-2025-40179",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40179"
},
{
"name": "CVE-2025-40127",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40127"
},
{
"name": "CVE-2025-39996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39996"
},
{
"name": "CVE-2025-40053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40053"
},
{
"name": "CVE-2025-39951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39951"
},
{
"name": "CVE-2025-40120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40120"
},
{
"name": "CVE-2025-39938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39938"
},
{
"name": "CVE-2025-39982",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39982"
},
{
"name": "CVE-2025-40040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40040"
},
{
"name": "CVE-2025-40207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40207"
},
{
"name": "CVE-2025-40095",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40095"
},
{
"name": "CVE-2025-40118",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40118"
},
{
"name": "CVE-2025-40021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40021"
},
{
"name": "CVE-2025-39964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39964"
},
{
"name": "CVE-2025-39993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39993"
},
{
"name": "CVE-2025-40044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40044"
},
{
"name": "CVE-2025-40105",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40105"
},
{
"name": "CVE-2025-40112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40112"
},
{
"name": "CVE-2025-39971",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39971"
},
{
"name": "CVE-2025-40154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40154"
},
{
"name": "CVE-2025-40093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40093"
},
{
"name": "CVE-2025-40099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40099"
},
{
"name": "CVE-2025-40126",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40126"
},
{
"name": "CVE-2025-39972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39972"
},
{
"name": "CVE-2025-40018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40018"
},
{
"name": "CVE-2025-40200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40200"
},
{
"name": "CVE-2025-40124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40124"
},
{
"name": "CVE-2025-40094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40094"
},
{
"name": "CVE-2025-40080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40080"
},
{
"name": "CVE-2025-40111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40111"
},
{
"name": "CVE-2025-40068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40068"
},
{
"name": "CVE-2025-40042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40042"
},
{
"name": "CVE-2025-39957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39957"
},
{
"name": "CVE-2025-39931",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39931"
},
{
"name": "CVE-2025-39937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39937"
},
{
"name": "CVE-2025-40060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40060"
},
{
"name": "CVE-2025-40123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40123"
},
{
"name": "CVE-2025-40178",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40178"
},
{
"name": "CVE-2025-39985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39985"
},
{
"name": "CVE-2025-40141",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40141"
},
{
"name": "CVE-2025-39946",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39946"
},
{
"name": "CVE-2025-39980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39980"
},
{
"name": "CVE-2025-40036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40036"
},
{
"name": "CVE-2025-40030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40030"
},
{
"name": "CVE-2025-39995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39995"
},
{
"name": "CVE-2025-40096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40096"
},
{
"name": "CVE-2025-40022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40022"
},
{
"name": "CVE-2025-40140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40140"
},
{
"name": "CVE-2025-40051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40051"
},
{
"name": "CVE-2025-40087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40087"
}
],
"initial_release_date": "2025-11-28T00:00:00",
"last_revision_date": "2025-11-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1048",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian LTS. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian LTS",
"vendor_advisories": [
{
"published_at": "2025-11-25",
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS DLA-4379-1",
"url": "https://lists.debian.org/debian-lts-announce/2025/11/msg00022.html"
}
]
}
CERTFR-2025-AVI-1048
Vulnerability from certfr_avis - Published: 2025-11-28 - Updated: 2025-11-28
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian LTS bullseye versions ant\u00e9rieures \u00e0 6.1.158-1~deb11u1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-39987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39987"
},
{
"name": "CVE-2025-21861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21861"
},
{
"name": "CVE-2025-40156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40156"
},
{
"name": "CVE-2025-40055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40055"
},
{
"name": "CVE-2025-40029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40029"
},
{
"name": "CVE-2025-40008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40008"
},
{
"name": "CVE-2025-40048",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40048"
},
{
"name": "CVE-2025-40043",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40043"
},
{
"name": "CVE-2025-39973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39973"
},
{
"name": "CVE-2025-39943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39943"
},
{
"name": "CVE-2025-39945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39945"
},
{
"name": "CVE-2025-40100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40100"
},
{
"name": "CVE-2025-40019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40019"
},
{
"name": "CVE-2025-40081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40081"
},
{
"name": "CVE-2025-40026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
},
{
"name": "CVE-2025-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40153"
},
{
"name": "CVE-2025-40103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40103"
},
{
"name": "CVE-2025-40121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40121"
},
{
"name": "CVE-2025-40204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40204"
},
{
"name": "CVE-2025-40171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40171"
},
{
"name": "CVE-2025-40056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40056"
},
{
"name": "CVE-2025-40125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40125"
},
{
"name": "CVE-2025-40187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40187"
},
{
"name": "CVE-2025-40092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40092"
},
{
"name": "CVE-2025-39967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39967"
},
{
"name": "CVE-2025-40107",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40107"
},
{
"name": "CVE-2025-40115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40115"
},
{
"name": "CVE-2025-40198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40198"
},
{
"name": "CVE-2025-39942",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39942"
},
{
"name": "CVE-2025-39929",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39929"
},
{
"name": "CVE-2025-39949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39949"
},
{
"name": "CVE-2025-40173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40173"
},
{
"name": "CVE-2025-40190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40190"
},
{
"name": "CVE-2025-40010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40010"
},
{
"name": "CVE-2025-39944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39944"
},
{
"name": "CVE-2025-40202",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40202"
},
{
"name": "CVE-2025-39953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39953"
},
{
"name": "CVE-2025-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40167"
},
{
"name": "CVE-2025-39969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39969"
},
{
"name": "CVE-2025-40194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40194"
},
{
"name": "CVE-2025-40104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40104"
},
{
"name": "CVE-2025-40001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40001"
},
{
"name": "CVE-2025-40035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40035"
},
{
"name": "CVE-2025-39988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39988"
},
{
"name": "CVE-2025-40020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40020"
},
{
"name": "CVE-2025-40188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40188"
},
{
"name": "CVE-2025-40186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40186"
},
{
"name": "CVE-2025-40013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40013"
},
{
"name": "CVE-2025-40049",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40049"
},
{
"name": "CVE-2025-40070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40070"
},
{
"name": "CVE-2025-40106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40106"
},
{
"name": "CVE-2025-40205",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40205"
},
{
"name": "CVE-2025-39977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39977"
},
{
"name": "CVE-2025-40027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
},
{
"name": "CVE-2025-39970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39970"
},
{
"name": "CVE-2025-40032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40032"
},
{
"name": "CVE-2025-39994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39994"
},
{
"name": "CVE-2025-40088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40088"
},
{
"name": "CVE-2025-40062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40062"
},
{
"name": "CVE-2025-40197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40197"
},
{
"name": "CVE-2025-40109",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40109"
},
{
"name": "CVE-2025-40006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40006"
},
{
"name": "CVE-2025-40011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40011"
},
{
"name": "CVE-2025-40085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40085"
},
{
"name": "CVE-2025-40176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40176"
},
{
"name": "CVE-2025-40193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40193"
},
{
"name": "CVE-2025-40201",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40201"
},
{
"name": "CVE-2025-40084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40084"
},
{
"name": "CVE-2025-40183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40183"
},
{
"name": "CVE-2025-39998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39998"
},
{
"name": "CVE-2025-40134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40134"
},
{
"name": "CVE-2025-39968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39968"
},
{
"name": "CVE-2025-39986",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39986"
},
{
"name": "CVE-2025-39955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39955"
},
{
"name": "CVE-2025-40078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40078"
},
{
"name": "CVE-2025-40116",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40116"
},
{
"name": "CVE-2025-39934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39934"
},
{
"name": "CVE-2025-39978",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39978"
},
{
"name": "CVE-2025-40179",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40179"
},
{
"name": "CVE-2025-40127",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40127"
},
{
"name": "CVE-2025-39996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39996"
},
{
"name": "CVE-2025-40053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40053"
},
{
"name": "CVE-2025-39951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39951"
},
{
"name": "CVE-2025-40120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40120"
},
{
"name": "CVE-2025-39938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39938"
},
{
"name": "CVE-2025-39982",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39982"
},
{
"name": "CVE-2025-40040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40040"
},
{
"name": "CVE-2025-40207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40207"
},
{
"name": "CVE-2025-40095",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40095"
},
{
"name": "CVE-2025-40118",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40118"
},
{
"name": "CVE-2025-40021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40021"
},
{
"name": "CVE-2025-39964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39964"
},
{
"name": "CVE-2025-39993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39993"
},
{
"name": "CVE-2025-40044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40044"
},
{
"name": "CVE-2025-40105",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40105"
},
{
"name": "CVE-2025-40112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40112"
},
{
"name": "CVE-2025-39971",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39971"
},
{
"name": "CVE-2025-40154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40154"
},
{
"name": "CVE-2025-40093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40093"
},
{
"name": "CVE-2025-40099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40099"
},
{
"name": "CVE-2025-40126",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40126"
},
{
"name": "CVE-2025-39972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39972"
},
{
"name": "CVE-2025-40018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40018"
},
{
"name": "CVE-2025-40200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40200"
},
{
"name": "CVE-2025-40124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40124"
},
{
"name": "CVE-2025-40094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40094"
},
{
"name": "CVE-2025-40080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40080"
},
{
"name": "CVE-2025-40111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40111"
},
{
"name": "CVE-2025-40068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40068"
},
{
"name": "CVE-2025-40042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40042"
},
{
"name": "CVE-2025-39957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39957"
},
{
"name": "CVE-2025-39931",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39931"
},
{
"name": "CVE-2025-39937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39937"
},
{
"name": "CVE-2025-40060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40060"
},
{
"name": "CVE-2025-40123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40123"
},
{
"name": "CVE-2025-40178",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40178"
},
{
"name": "CVE-2025-39985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39985"
},
{
"name": "CVE-2025-40141",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40141"
},
{
"name": "CVE-2025-39946",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39946"
},
{
"name": "CVE-2025-39980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39980"
},
{
"name": "CVE-2025-40036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40036"
},
{
"name": "CVE-2025-40030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40030"
},
{
"name": "CVE-2025-39995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39995"
},
{
"name": "CVE-2025-40096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40096"
},
{
"name": "CVE-2025-40022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40022"
},
{
"name": "CVE-2025-40140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40140"
},
{
"name": "CVE-2025-40051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40051"
},
{
"name": "CVE-2025-40087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40087"
}
],
"initial_release_date": "2025-11-28T00:00:00",
"last_revision_date": "2025-11-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1048",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian LTS. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian LTS",
"vendor_advisories": [
{
"published_at": "2025-11-25",
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS DLA-4379-1",
"url": "https://lists.debian.org/debian-lts-announce/2025/11/msg00022.html"
}
]
}
GHSA-CC93-7WPM-WQH7
Vulnerability from github – Published: 2025-11-13 00:30 – Updated: 2025-11-13 00:30
VLAI?
Details
In the Linux kernel, the following vulnerability has been resolved:
ipmi: Rework user message limit handling
The limit on the number of user messages had a number of issues, improper counting in some cases and a use after free.
Restructure how this is all done to handle more in the receive message allocation routine, so all refcouting and user message limit counts are done in that routine. It's a lot cleaner and safer.
{
"affected": [],
"aliases": [
"CVE-2025-40202"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-12T22:15:47Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: Rework user message limit handling\n\nThe limit on the number of user messages had a number of issues,\nimproper counting in some cases and a use after free.\n\nRestructure how this is all done to handle more in the receive message\nallocation routine, so all refcouting and user message limit counts\nare done in that routine. It\u0027s a lot cleaner and safer.",
"id": "GHSA-cc93-7wpm-wqh7",
"modified": "2025-11-13T00:30:18Z",
"published": "2025-11-13T00:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40202"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0ed73be9a2547ffb9b5c1d879ad9bfab73d920b5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/348121b29594d42d1635648fd3ed31dfa25351d5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/53d6e403affbf6df2c859a0ea00ccfc1e72090ca"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b52da4054ee0bf9ecb44996f2c83236ff50b3812"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f63723ca7d7623f9dae1990973cd158671f03c56"
}
],
"schema_version": "1.4.0",
"severity": []
}
MSRC_CVE-2025-40202
Vulnerability from csaf_microsoft - Published: 2025-11-02 00:00 - Updated: 2025-12-07 01:35Summary
ipmi: Rework user message limit handling
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40202 ipmi: Rework user message limit handling - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-40202.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "ipmi: Rework user message limit handling",
"tracking": {
"current_release_date": "2025-12-07T01:35:54.000Z",
"generator": {
"date": "2025-12-07T15:03:05.337Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-40202",
"initial_release_date": "2025-11-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-11-14T01:03:13.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2025-12-07T01:35:54.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 kernel 6.6.112.1-2",
"product": {
"name": "\u003cazl3 kernel 6.6.112.1-2",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 kernel 6.6.112.1-2",
"product": {
"name": "azl3 kernel 6.6.112.1-2",
"product_id": "20613"
}
}
],
"category": "product_name",
"name": "kernel"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 kernel 6.6.112.1-2 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kernel 6.6.112.1-2 as a component of Azure Linux 3.0",
"product_id": "20613-17084"
},
"product_reference": "20613",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-40202",
"notes": [
{
"category": "general",
"text": "Linux",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20613-17084"
],
"known_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-40202 ipmi: Rework user message limit handling - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-40202.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-14T01:03:13.000Z",
"details": "6.6.117.1-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"title": "ipmi: Rework user message limit handling"
}
]
}
WID-SEC-W-2025-2595
Vulnerability from csaf_certbund - Published: 2025-11-12 23:00 - Updated: 2026-01-05 23:00Summary
Linux Kernel: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, die möglicherweise zu einer Denial-of-Service- Bedingung führen oder eine Speicherbeschädigung verursachen können.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren, die m\u00f6glicherweise zu einer Denial-of-Service- Bedingung f\u00fchren oder eine Speicherbesch\u00e4digung verursachen k\u00f6nnen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2595 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2595.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2595 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2595"
},
{
"category": "external",
"summary": "Kernel CVE Announce Mailingliste",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40178",
"url": "https://lore.kernel.org/linux-cve-announce/2025111240-CVE-2025-40178-8673@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40179",
"url": "https://lore.kernel.org/linux-cve-announce/2025111243-CVE-2025-40179-6d22@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40180",
"url": "https://lore.kernel.org/linux-cve-announce/2025111243-CVE-2025-40180-8258@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40181",
"url": "https://lore.kernel.org/linux-cve-announce/2025111243-CVE-2025-40181-f51c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40182",
"url": "https://lore.kernel.org/linux-cve-announce/2025111243-CVE-2025-40182-fa1b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40183",
"url": "https://lore.kernel.org/linux-cve-announce/2025111243-CVE-2025-40183-fb2f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40184",
"url": "https://lore.kernel.org/linux-cve-announce/2025111243-CVE-2025-40184-9760@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40185",
"url": "https://lore.kernel.org/linux-cve-announce/2025111244-CVE-2025-40185-0689@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40186",
"url": "https://lore.kernel.org/linux-cve-announce/2025111244-CVE-2025-40186-b204@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40187",
"url": "https://lore.kernel.org/linux-cve-announce/2025111244-CVE-2025-40187-7826@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40188",
"url": "https://lore.kernel.org/linux-cve-announce/2025111244-CVE-2025-40188-86c5@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40189",
"url": "https://lore.kernel.org/linux-cve-announce/2025111244-CVE-2025-40189-c4ca@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40190",
"url": "https://lore.kernel.org/linux-cve-announce/2025111244-CVE-2025-40190-b6bc@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40191",
"url": "https://lore.kernel.org/linux-cve-announce/2025111245-CVE-2025-40191-1ea5@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40192",
"url": "https://lore.kernel.org/linux-cve-announce/2025111245-CVE-2025-40192-6344@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40193",
"url": "https://lore.kernel.org/linux-cve-announce/2025111245-CVE-2025-40193-6519@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40194",
"url": "https://lore.kernel.org/linux-cve-announce/2025111245-CVE-2025-40194-d959@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40195",
"url": "https://lore.kernel.org/linux-cve-announce/2025111245-CVE-2025-40195-f91e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40196",
"url": "https://lore.kernel.org/linux-cve-announce/2025111245-CVE-2025-40196-f1fa@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40197",
"url": "https://lore.kernel.org/linux-cve-announce/2025111246-CVE-2025-40197-e5de@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40198",
"url": "https://lore.kernel.org/linux-cve-announce/2025111246-CVE-2025-40198-7a99@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40199",
"url": "https://lore.kernel.org/linux-cve-announce/2025111246-CVE-2025-40199-054c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40200",
"url": "https://lore.kernel.org/linux-cve-announce/2025111246-CVE-2025-40200-c514@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40201",
"url": "https://lore.kernel.org/linux-cve-announce/2025111246-CVE-2025-40201-b8fe@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40202",
"url": "https://lore.kernel.org/linux-cve-announce/2025111246-CVE-2025-40202-f5ad@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40203",
"url": "https://lore.kernel.org/linux-cve-announce/2025111247-CVE-2025-40203-c83b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40204",
"url": "https://lore.kernel.org/linux-cve-announce/2025111247-CVE-2025-40204-0f06@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40205",
"url": "https://lore.kernel.org/linux-cve-announce/2025111247-CVE-2025-40205-ad43@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40206",
"url": "https://lore.kernel.org/linux-cve-announce/2025111247-CVE-2025-40206-b396@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40207",
"url": "https://lore.kernel.org/linux-cve-announce/2025111247-CVE-2025-40207-3528@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-40208",
"url": "https://lore.kernel.org/linux-cve-announce/2025111247-CVE-2025-40208-ded6@gregkh/"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4379 vom 2025-11-25",
"url": "https://lists.debian.org/debian-lts-announce/2025/11/msg00022.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22392 vom 2025-12-01",
"url": "https://access.redhat.com/errata/RHSA-2025:22392"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22405 vom 2025-12-01",
"url": "https://access.redhat.com/errata/RHSA-2025:22405"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-22405 vom 2025-12-02",
"url": "https://linux.oracle.com/errata/ELSA-2025-22405.html"
},
{
"category": "external",
"summary": "Container-Optimized OS release notes vom 2025-12-03",
"url": "https://docs.cloud.google.com/container-optimized-os/docs/release-notes#December_02_2025"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:22405 vom 2025-12-04",
"url": "https://errata.build.resf.org/RLSA-2025:22405"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22854 vom 2025-12-08",
"url": "https://access.redhat.com/errata/RHSA-2025:22854"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-22854 vom 2025-12-09",
"url": "https://linux.oracle.com/errata/ELSA-2025-22854.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.15-2025-095 vom 2025-12-08",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.15-2025-095.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-28048 vom 2025-12-12",
"url": "https://linux.oracle.com/errata/ELSA-2025-28048.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-28049 vom 2025-12-15",
"url": "https://oss.oracle.com/pipermail/el-errata/2025-December/019260.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:22854 vom 2025-12-14",
"url": "https://errata.build.resf.org/RLSA-2025:22854"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4404 vom 2025-12-12",
"url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00015.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-28049 vom 2025-12-15",
"url": "https://linux.oracle.com/errata/ELSA-2025-28049.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4393-1 vom 2025-12-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023538.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23424 vom 2025-12-17",
"url": "https://access.redhat.com/errata/RHSA-2025:23424"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23450 vom 2025-12-17",
"url": "https://access.redhat.com/errata/RHSA-2025:23450"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23422 vom 2025-12-17",
"url": "https://access.redhat.com/errata/RHSA-2025:23422"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23426 vom 2025-12-17",
"url": "https://access.redhat.com/errata/RHSA-2025:23426"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23423 vom 2025-12-17",
"url": "https://access.redhat.com/errata/RHSA-2025:23423"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23427 vom 2025-12-17",
"url": "https://access.redhat.com/errata/RHSA-2025:23427"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23425 vom 2025-12-17",
"url": "https://access.redhat.com/errata/RHSA-2025:23425"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4422-1 vom 2025-12-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023573.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23463 vom 2025-12-17",
"url": "https://access.redhat.com/errata/RHSA-2025:23463"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4506-1 vom 2025-12-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WTUJ36GACHYQN5EBFUNRPSW63S3SZXJ5/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4505-1 vom 2025-12-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3D5W2444LYTUJVXYGB63LTMU25GRLRJR/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4515-1 vom 2025-12-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023647.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4516-1 vom 2025-12-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023646.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4517-1 vom 2025-12-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023649.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4521-1 vom 2025-12-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023651.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4530-1 vom 2025-12-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023658.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4530-1 vom 2025-12-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3ZJXHV4TJM3LRAHWS7AE4LY344HKKW3D/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0029-1 vom 2026-01-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023679.html"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-01-05T23:00:00.000+00:00",
"generator": {
"date": "2026-01-06T08:36:17.250+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2595",
"initial_release_date": "2025-11-12T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-11-12T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-11-25T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-11-30T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-02T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-12-03T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-12-08T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat, Oracle Linux und Amazon aufgenommen"
},
{
"date": "2025-12-14T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Oracle Linux, Rocky Enterprise Software Foundation und Debian aufgenommen"
},
{
"date": "2025-12-15T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-12-16T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-17T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat und SUSE aufgenommen"
},
{
"date": "2025-12-22T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-12-23T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-12-28T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-12-29T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-01-05T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "15"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Google Container-Optimized OS",
"product": {
"name": "Google Container-Optimized OS",
"product_id": "1607324",
"product_identification_helper": {
"cpe": "cpe:/o:google:container-optimized_os:-"
}
}
}
],
"category": "vendor",
"name": "Google"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T028462",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:unspecified"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-40178",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40178"
},
{
"cve": "CVE-2025-40179",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40179"
},
{
"cve": "CVE-2025-40180",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40180"
},
{
"cve": "CVE-2025-40181",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40181"
},
{
"cve": "CVE-2025-40182",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40182"
},
{
"cve": "CVE-2025-40183",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40183"
},
{
"cve": "CVE-2025-40184",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40184"
},
{
"cve": "CVE-2025-40185",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40185"
},
{
"cve": "CVE-2025-40186",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40186"
},
{
"cve": "CVE-2025-40187",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40187"
},
{
"cve": "CVE-2025-40188",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40188"
},
{
"cve": "CVE-2025-40189",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40189"
},
{
"cve": "CVE-2025-40190",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40190"
},
{
"cve": "CVE-2025-40191",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40191"
},
{
"cve": "CVE-2025-40192",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40192"
},
{
"cve": "CVE-2025-40193",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40193"
},
{
"cve": "CVE-2025-40194",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40194"
},
{
"cve": "CVE-2025-40195",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40195"
},
{
"cve": "CVE-2025-40196",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40196"
},
{
"cve": "CVE-2025-40197",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40197"
},
{
"cve": "CVE-2025-40198",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40198"
},
{
"cve": "CVE-2025-40199",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40199"
},
{
"cve": "CVE-2025-40200",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40200"
},
{
"cve": "CVE-2025-40201",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40201"
},
{
"cve": "CVE-2025-40202",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40202"
},
{
"cve": "CVE-2025-40203",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40203"
},
{
"cve": "CVE-2025-40204",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40204"
},
{
"cve": "CVE-2025-40205",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40205"
},
{
"cve": "CVE-2025-40206",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40206"
},
{
"cve": "CVE-2025-40207",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40207"
},
{
"cve": "CVE-2025-40208",
"product_status": {
"known_affected": [
"T028462",
"2951",
"T002207",
"67646",
"398363",
"T004914",
"1607324",
"T032255"
]
},
"release_date": "2025-11-12T23:00:00.000+00:00",
"title": "CVE-2025-40208"
}
]
}
FKIE_CVE-2025-40202
Vulnerability from fkie_nvd - Published: 2025-11-12 22:15 - Updated: 2025-11-14 16:42
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipmi: Rework user message limit handling
The limit on the number of user messages had a number of issues,
improper counting in some cases and a use after free.
Restructure how this is all done to handle more in the receive message
allocation routine, so all refcouting and user message limit counts
are done in that routine. It's a lot cleaner and safer.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: Rework user message limit handling\n\nThe limit on the number of user messages had a number of issues,\nimproper counting in some cases and a use after free.\n\nRestructure how this is all done to handle more in the receive message\nallocation routine, so all refcouting and user message limit counts\nare done in that routine. It\u0027s a lot cleaner and safer."
}
],
"id": "CVE-2025-40202",
"lastModified": "2025-11-14T16:42:30.503",
"metrics": {},
"published": "2025-11-12T22:15:47.403",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/0ed73be9a2547ffb9b5c1d879ad9bfab73d920b5"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/348121b29594d42d1635648fd3ed31dfa25351d5"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/53d6e403affbf6df2c859a0ea00ccfc1e72090ca"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/b52da4054ee0bf9ecb44996f2c83236ff50b3812"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/f63723ca7d7623f9dae1990973cd158671f03c56"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…