CVE-2025-40266

Dec. 4, 2025, 5:15 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Check the untrusted offset in FF-A memory share Verify the offset to prevent OOB access in the hypervisor FF-A buffer in case an untrusted large enough value [U32_MAX - sizeof(struct ffa_composite_mem_region) + 1, U32_MAX] is set from the host kernel.

Product(s) Impacted

Product Versions
linux_kernel
  • *
kvm
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/103e17aac09cdd358133f9e00998b75d6c1f1518
https://git.kernel.org/stable/c/bc1909ef38788f2ee3d8011d70bf029948433051
https://git.kernel.org/stable/c/f9f1aed6c8a3427900da3121e1868124854569c3
https://git.kernel.org/stable/c/fc3139d9f4c1fe1c7d5f25f99676bd8e9c6a1041

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-12-04
CVE-2025-40266

Timeline

Published: Dec. 4, 2025, 4:16 p.m.
Last Modified: Dec. 4, 2025, 5:15 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.