CVE-2025-40202

Linux Kernel 5.19.0-6.1.156, 6.2.0-6.6.112, 6.7.0-6.12.53, 6.13.0-6.17.3 - Use-After-Free in IPMI User Message Handling

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ipmi: Rework user message limit handling The limit on the number of user messages had a number of issues, improper counting in some cases and a use after free. Restructure how this is all done to handle more in the receive message allocation routine, so all refcouting and user message limit counts are done in that routine. It's a lot cleaner and safer.

Scores

EPSS 0.0018
EPSS Percentile 8.1%

Details

Status published
Products (16)
linux/Kernel 5.19.0 - 6.1.157linux
linux/Kernel 6.13.0 - 6.17.4linux
linux/Kernel 6.2.0 - 6.6.113linux
linux/Kernel 6.7.0 - 6.12.54linux
Linux/Linux < 5.19
Linux/Linux 5.19
Linux/Linux 6.1.157 - 6.1.*
Linux/Linux 6.12.54 - 6.12.*
Linux/Linux 6.17.4 - 6.17.*
Linux/Linux 6.18
... and 6 more
Published Nov 12, 2025
Tracked Since Feb 18, 2026