CVE-2025-40053

Опубликовано: 28 окт. 2025

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: net: dlink: handle copy_thresh allocation failure The driver did not handle failure of netdev_alloc_skb_ip_align(). If the allocation failed, dereferencing skb->protocol could lead to a NULL pointer dereference. This patch tries to allocate skb. If the allocation fails, it falls back to the normal path. Tested-on: D-Link DGE-550T Rev-A3

Отчет

The D-Link dl2k RX path failed to handle netdev_alloc_skb_ip_align() returning NULL. On allocation failure, the code could dereference skb (e.g., skb->protocol), causing a kernel NULL-pointer dereference (DoS).

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Fix deferred
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Fix deferred
Red Hat Enterprise Linux 8	kernel-rt	Fix deferred
Red Hat Enterprise Linux 9	kernel	Fix deferred
Red Hat Enterprise Linux 9	kernel-rt	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=2406738kernel: net: dlink: handle copy_thresh allocation failure

EPSS

Процентиль: 21%

0.00068

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2025-40053

ubuntu

5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: net: dlink: handle copy_thresh allocation failure The driver did not handle failure of `netdev_alloc_skb_ip_align()`. If the allocation failed, dereferencing `skb->protocol` could lead to a NULL pointer dereference. This patch tries to allocate `skb`. If the allocation fails, it falls back to the normal path. Tested-on: D-Link DGE-550T Rev-A3