CVE-2025-40279

In tcfconnmarkdump(), the variable 'opt' was partially initialized using a designatied initializer. While the padding bytes are reamined uninitialized. nla_put() copies the entire structure into a netlink message, these uninitialized bytes leaked to userspace.

Initialize the structure with memset before assigning its fields to ensure all members and padding are cleared prior to beign copied.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40279.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

22a5dc0e5e3e8fef804230cd73ed7b0afd4c7bae

Fixed

218b67c8c8246d47a2a7910eae80abe4861fe2b7

Fixed

73cc56c608c209d3d666cc571293b090a471da70

Fixed

31e4aa93e2e5b5647fc235b0f6ee329646878f9e

Fixed

51cb05d4fd632596816ba44e882e84db9fb28a7e

Fixed

25837889ec062f2b7618142cd80253dff3da5343

Fixed

62b656e43eaeae445a39cd8021a4f47065af4389

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40279.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

5.15.197

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.159

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.117

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.59

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.17.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40279.json"