CVE-2025-40192

Vulnerability

Analysis

This CVE documents a revert of a previous patch in the Linux kernel IPMI driver patch (commit c608966f3f9c) that introduced a subtle bug. The original patch aimed to fix a message stack issue when IPMI is disconnected, but it inadvertently caused the IPMI driver to enter an infinite loop if the Baseboard Management Controller (BMC) misbehaves in a specific way [1].

Attack

Vector and Prerequisites

The vulnerability is triggered by a misbehaving BMC, which can cause the IPMI driver to loop indefinitely. The attack surface is local to the system with the IPMI interface, requiring no special privileges beyond access to the BMC communication channel. The bug manifests during normal IPMI message handling when the BMC does not respond as expected [1].

Impact

An attacker who can influence the BMC's behavior (e.g., via a compromised or malicious BMC) could cause a denial of service (DoS) on the host system by making the IPMI driver unresponsive. The infinite loop would consume CPU resources and prevent further IPMI communication, potentially affecting system management functions [1].

Mitigation

The fix is aThe fix is a revert to the previous stable code, removing the problematic patch. Users should apply the updated kernel version containing this revert. No workaround is mentioned beyond updating the kernel [1]