DEBIAN-CVE-2025-40159

In the Linux kernel, the following vulnerability has been resolved: xsk: Harden userspace-supplied xdpdesc validation Turned out certain clearly invalid values passed in xdpdesc from userspace can pass xp{,un}alignedvalidatedesc() and then lead to UBs or just invalid frames to be queued for xmit. desc->len close to U32_MAX with a non-zero pool->txmetadatalen can cause positive integer overflow and wraparound, the same way low enough desc->addr with a non-zero pool->txmetadatalen can cause negative integer overflow. Both scenarios can then pass the validation successfully. This doesn't happen with valid XSk applications, but can be used to perform attacks. Always promote desc->len to u64 first to exclude positive overflows of it. Use explicit check{add,sub}overflow() when validating desc->addr (which is u64 already). bloat-o-meter reports a little growth of the code size: add/remove: 0/0 grow/shrink: 2/1 up/down: 60/-16 (44) Function old new delta xskqconspeekdesc 299 330 +31 xsktxpeekreleasedescbatch 973 1002 +29 xskgeneric_xmit 3148 3132 -16 but hopefully this doesn't hurt the performance much.