CVE-2025-40240

Linux Kernel - NULL Pointer Dereference in SCTP Chunk Data Buffer Handling

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk->skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk->skb can only be NULL if chunk->head_skb is not. Check for frag_list instead and do it just before replacing chunk->skb. We're sure that otherwise chunk->skb is non-NULL because of outer if() condition.

Scores

EPSS 0.0018
EPSS Percentile 8.1%

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (25)
linux/Kernel 4.8.0 - 5.4.301linux
linux/Kernel 5.11.0 - 5.15.196linux
linux/Kernel 5.16.0 - 6.1.158linux
linux/Kernel 5.5.0 - 5.10.246linux
linux/Kernel 6.13.0 - 6.17.6linux
linux/Kernel 6.2.0 - 6.6.115linux
linux/Kernel 6.7.0 - 6.12.56linux
Linux/Linux < 4.8
Linux/Linux 4.8
Linux/Linux 5.10.246 - 5.10.*
... and 15 more
Published Dec 04, 2025
Tracked Since Feb 18, 2026