What is CVE-2025-40281?

CVE-2025-40281 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 3.16 onward and patched in 5.4.302, 5.10.247, 5.15.197 and others. CVE-2025-40281 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-40281?

CVE-2025-40281 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-40281?

Yes, CVE-2025-40281 has been patched. Fixed versions include 5.4.302, 5.10.247, 5.15.197 and others. If you are running Linux kernel 3.16 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-40281 actively exploited?

CVE-2025-40281 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-40281

In the Linux kernel, the following vulnerability has been resolved: sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto syzbot reported a possible shift-out-of-bounds [1] Blamed commit added rto_alpha_max and rto_beta_max set to 1000. It is unclear if some sctp users are setting very large rto_alpha and/or rto_beta. In order to prevent user regression, perform the test at run time. Also add READ_ONCE() annotations as sysctl values can change under us. [1] UBSAN: shift-out-of-bounds in net/sctp/transport.c:509:41 shift exponent 64 is too large for 32-bit type 'unsigned int' CPU: 0 UID: 0 PID: 16704 Comm: syz.2.2320 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:233 [inline] __ubsan_handle_shift_out_of_bounds+0x27f/0x420 lib/ubsan.c:494 sctp_transport_update_rto.cold+0x1c/0x34b net/sctp/transport.c:509 sctp_check_transmitted+0x11c4/0x1c30 net/sctp/outqueue.c:1502 sctp_outq_sack+0x4ef/0x1b20 net/sctp/outqueue.c:1338 sctp_cmd_process_sack net/sctp/sm_sideeffect.c:840 [inline] sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1372 [inline]

Package Linux Kernel

Published 2025-12-06

Last modified 2026-06-02

Patch available

Yes

Affected versions

Linux kernel versions 3.16 and later are affected. Fixed in 5.4.302, 5.10.247, 5.15.197, 6.1.159, 6.6.117, 6.12.59, 6.17.9, 6.18 and their respective stable series.

Affected from

≥ 3.16

Fixed in

✓ 5.4.302 5.4.x ✓ 5.10.247 5.10.x ✓ 5.15.197 5.15.x ✓ 6.1.159 6.1.x ✓ 6.6.117 6.6.x ✓ 6.12.59 6.12.x ✓ 6.17.9 6.17.x ✓ 6.18

References

The following references provide additional information about CVE-2025-40281 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Cert-Portal
https://cert-portal.siemens.com/productcert/html/ssa-253495.html
Kernel patch commit
https://git.kernel.org/stable/c/0e0413e3315199b23ff4aec295e256034cd0a6e4
Patch
Kernel patch commit
https://git.kernel.org/stable/c/1534ff77757e44bcc4b98d0196bc5c0052fce5fa
Patch
Kernel patch commit
https://git.kernel.org/stable/c/1cfa4eac275cc4875755c1303d48a4ddfe507ca8
Patch

8 patch commits total View all on NVD

Frequently asked questions

What is CVE-2025-40281?

CVE-2025-40281 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 3.16 onward and has been patched in 5.4.302, 5.10.247, 5.15.197 and others. CVE-2025-40281 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-40281?

Yes — CVE-2025-40281 has been patched. Fixed versions include 5.4.302, 5.10.247, 5.15.197 and others. If you are running Linux kernel 3.16 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-40281 actively exploited?

No — CVE-2025-40281 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.