SB2025120894 - NULL pointer dereference in Linux kernel net driver
Published: December 8, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-40292)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the page_to_skb() and receive_big() functions in drivers/net/virtio_net.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/0c716703965ffc5ef4311b65cb5d84a703784717
- https://git.kernel.org/stable/c/3e9d89f2ecd3636bd4cbdfd0b2dfdaf58f9882e2
- https://git.kernel.org/stable/c/82f9028e83944a9eee5229cbc6fee9be1de8a62d
- https://git.kernel.org/stable/c/82fe78065450d2d07f36a22e2b6b44955cf5ca5b
- https://git.kernel.org/stable/c/946dec89c41726b94d31147ec528b96af0be1b5a