What is CVE-2025-40245?

CVE-2025-40245 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.12 onward and patched in 5.15.196, 6.1.158, 6.6.115 and others. CVE-2025-40245 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-40245?

CVE-2025-40245 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-40245?

Yes, CVE-2025-40245 has been patched. Fixed versions include 5.15.196, 6.1.158, 6.6.115 and others. If you are running Linux kernel 5.12 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-40245 actively exploited?

CVE-2025-40245 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-40245

In the Linux kernel, the following vulnerability has been resolved: nios2: ensure that memblock.current_limit is set when setting pfn limits On nios2, with CONFIG_FLATMEM set, the kernel relies on memblock_get_current_limit() to determine the limits of mem_map, in particular for max_low_pfn. Unfortunately, memblock.current_limit is only default initialized to MEMBLOCK_ALLOC_ANYWHERE at this point of the bootup, potentially leading to situations where max_low_pfn can erroneously exceed the value of max_pfn and, thus, the valid range of available DRAM. This can in turn cause kernel-level paging failures, e.g.: [ 76.900000] Unable to handle kernel paging request at virtual address 20303000 [ 76.900000] ea = c0080890, ra = c000462c, cause = 14 [ 76.900000] Kernel panic - not syncing: Oops [ 76.900000] ---[ end Kernel panic - not syncing: Oops ]--- This patch fixes this by pre-calculating memblock.current_limit based on the upper limits of the available memory ranges via adjust_lowmem_bounds, a simplified version of the equivalent implementation within the arm architecture.

Package Linux Kernel

Published 2025-12-04

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 5.12 and later are affected. Fixed in 5.15.196, 6.1.158, 6.6.115, 6.12.56, 6.17.6, 6.18 and their respective stable series.

Affected from

≥ 5.12

Fixed in

✓ 5.15.196 5.15.x ✓ 6.1.158 6.1.x ✓ 6.6.115 6.6.x ✓ 6.12.56 6.12.x ✓ 6.17.6 6.17.x ✓ 6.18

References

The following references provide additional information about CVE-2025-40245 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/25f09699edd360b534ccae16bc276c3b52c471f3
Patch
Kernel patch commit
https://git.kernel.org/stable/c/5c3e38a367822f036227dd52bac82dc4a05157e2
Patch
Kernel patch commit
https://git.kernel.org/stable/c/8912814f14e298b83df072fecc1f7ed1b63b1b2c
Patch

6 patch commits total View all on NVD

Frequently asked questions

What is CVE-2025-40245?

CVE-2025-40245 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.12 onward and has been patched in 5.15.196, 6.1.158, 6.6.115 and others. CVE-2025-40245 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-40245?

Yes — CVE-2025-40245 has been patched. Fixed versions include 5.15.196, 6.1.158, 6.6.115 and others. If you are running Linux kernel 5.12 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-40245 actively exploited?

No — CVE-2025-40245 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.