VYPR
Unrated severity · NVD Advisory · Published Dec 4, 2025 · Updated Apr 15, 2026

CVE-2025-40240


Description

In the Linux kernel, the following vulnerability has been resolved:

sctp: avoid NULL dereference when chunk data buffer is missing

chunk->skb pointer is dereferenced in the if-block where it's supposed to be NULL only.

chunk->skb can only be NULL if chunk->head_skb is not. Check for frag_list instead and do it just before replacing chunk->skb. We're sure that otherwise chunk->skb is non-NULL because of outer if() condition.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in the Linux kernel's SCTP implementation can be triggered when a chunk's data buffer is missing, leading to a system crash.

Vulnerability

In the Linux kernel's SCTP implementation, a NULL pointer dereference occurs when chunk->skb is dereferenced in a code path where it is expected to be NULL. The root cause is that the check for a missing data buffer incorrectly uses chunk->skb instead of checking the frag_list. This flaw was introduced during a previous refactoring and can lead to a kernel crash when triggered [1].
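The ordering problem described above, as an added user-space C model (not kernel source and not the fix commit). `struct buf`, `dev_id`, `discards`, the result codes and the function names are hypothetical stand-ins, and the pre-fix variant returns a marker where a read through the NULL pointer would fault.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical user-space stand-ins for the structures the description names;
 * only the fields this pattern needs are modelled. dev_id is an assumption. */
struct buf   { struct buf *frag_list; int dev_id; };
struct chunk { struct buf *skb; struct buf *head_skb; };
enum result  { ACCEPTED, DISCARDED, WOULD_CRASH };
static int discards[4];            /* assumed per-device discard counter */

/* Pre-fix ordering: replace chunk->skb, then test the replaced pointer.
 * Inside that if-block chunk->skb can only be NULL, so any read through it
 * faults. The model returns a marker instead of performing the read. */
enum result pop_before_fix(struct chunk *c)
{
    if (c->head_skb)
        c->skb = c->skb->frag_list;
    if (!c->skb)
        return WOULD_CRASH;        /* error path has nothing valid to read */
    return ACCEPTED;
}

/* Post-fix ordering: test frag_list just before replacing chunk->skb, while
 * chunk->skb is still known to be non-NULL from the outer condition. */
enum result pop_after_fix(struct chunk *c)
{
    if (c->head_skb) {
        if (!c->skb->frag_list) {
            discards[c->skb->dev_id]++;   /* safe: skb not yet replaced */
            return DISCARDED;
        }
        c->skb = c->skb->frag_list;
    }
    return ACCEPTED;
}

/* Constructed input: a head buffer with or without a fragment behind it. */
enum result run_case(int fixed, int has_frag)
{
    struct buf frag = { NULL, 1 };
    struct buf head = { has_frag ? &frag : NULL, 1 };
    struct chunk c = { &head, &head };
    return fixed ? pop_after_fix(&c) : pop_before_fix(&c);
}

int main(void)
{
    printf("before=%d after=%d\n", run_case(0, 0), run_case(1, 0));
    return 0;
}
```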

Exploitation

An attacker can exploit this vulnerability by sending specially crafted SCTP packets that cause the chunk data buffer to be missing. No authentication is required if the attacker can send packets to the target system. The vulnerability is reachable from the network if SCTP is enabled on the victim machine [2].

Impact

Successful exploitation results in a kernel NULL pointer dereference, causing a system crash (denial of service). There is no indication of privilege escalation or remote code execution; the primary impact is availability [3].

Mitigation

The fix has been applied to the Linux kernel stable branches. Users should update to the latest patched kernel versions to remediate the vulnerability. No workaround is currently available [1][2][3].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Linux/Kernel (inferred): 2 versions

Patches

8


References

8
