AZL-68852

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68852.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-68852

Upstream

CVE-2025-40035

Published

2025-10-28T12:15:37Z

Modified

2026-04-01T05:21:30.023471Z

Summary

CVE-2025-40035 affecting package kernel for versions less than 6.6.112.1-2

Details

In the Linux kernel, the following vulnerability has been resolved:

Input: uinput - zero-initialize uinputffupload_compat to avoid info leak

Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satisfy alignment requirements for the following union member. Without clearing the structure, copytouser() may leak stack data to userspace.

Initialize ffupcompat to zero before filling valid fields.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-40035

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.112.1-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68852.json"