CVE-2025-40240
Linux Kernel - NULL Pointer Dereference in SCTP Chunk Data Buffer Handling
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk->skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk->skb can only be NULL if chunk->head_skb is not. Check for frag_list instead and do it just before replacing chunk->skb. We're sure that otherwise chunk->skb is non-NULL because of outer if() condition.
References (8)
Core 8
Core References
Scores
EPSS
0.0018
EPSS Percentile
8.1%
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
Status
published
Products (25)
linux/Kernel
4.8.0 - 5.4.301linux
linux/Kernel
5.11.0 - 5.15.196linux
linux/Kernel
5.16.0 - 6.1.158linux
linux/Kernel
5.5.0 - 5.10.246linux
linux/Kernel
6.13.0 - 6.17.6linux
linux/Kernel
6.2.0 - 6.6.115linux
linux/Kernel
6.7.0 - 6.12.56linux
Linux/Linux
< 4.8
Linux/Linux
4.8
Linux/Linux
5.10.246 - 5.10.*
... and 15 more
Published
Dec 04, 2025
Tracked Since
Feb 18, 2026