What is CVE-2025-40071?

CVE-2025-40071 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.15.54 onward and patched in 6.6.112, 6.12.53, 6.17.3 and others. CVE-2025-40071 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-40071?

CVE-2025-40071 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-40071?

Yes, CVE-2025-40071 has been patched. Fixed versions include 6.6.112, 6.12.53, 6.17.3 and others. If you are running Linux kernel 5.15.54 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-40071 actively exploited?

CVE-2025-40071 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-40071

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: Don't block input queue by waiting MSC Currently gsm_queue() processes incoming frames and when opening a DLC channel it calls gsm_dlci_open() which calls gsm_modem_update(). If basic mode is used it calls gsm_modem_upd_via_msc() and it cannot block the input queue by waiting the response to come into the same input queue. Instead allow sending Modem Status Command without waiting for remote end to respond. Define a new function gsm_modem_send_initial_msc() for this purpose. As MSC is only valid for basic encoding, it does not do anything for advanced or when convergence layer type 2 is used.

Package Linux Kernel

Published 2025-10-28

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 5.15.54, 5.17.6, 5.18 and later are affected. Fixed in 6.6.112, 6.12.53, 6.17.3, 6.18 and their respective stable series.

Affected from

≥ 5.15.54 ≥ 5.17.6 ≥ 5.18

Fixed in

✓ 6.6.112 6.6.x ✓ 6.12.53 6.12.x ✓ 6.17.3 6.17.x ✓ 6.18

References

The following references provide additional information about CVE-2025-40071 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/3cf0b3c243e56bc43be560617416c1d9f301f44c
Patch
Kernel patch commit
https://git.kernel.org/stable/c/5416e89b81b00443cb03c88df8da097ae091a141
Patch
Kernel patch commit
https://git.kernel.org/stable/c/c36785f9de03df56ff9b8eca30fa681a12b2310d
Patch

4 patch commits total View all on NVD

Frequently asked questions

What is CVE-2025-40071?

CVE-2025-40071 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.15.54 onward and has been patched in 6.6.112, 6.12.53, 6.17.3 and others. CVE-2025-40071 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-40071?

Yes — CVE-2025-40071 has been patched. Fixed versions include 6.6.112, 6.12.53, 6.17.3 and others. If you are running Linux kernel 5.15.54 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-40071 actively exploited?

No — CVE-2025-40071 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.