CVE-2025-40264
Description
In the Linux kernel, the following vulnerability has been resolved:
be2net: pass wrb_params in case of OS2BMC
be_insert_vlan_in_pkt() is called with the wrb_params argument being NULL at be_send_pkt_to_bmc() call site. This may lead to dereferencing a NULL pointer when processing a workaround for specific packet, as commit bc0c3405abbb ("be2net: fix a Tx stall bug caused by a specific ipv6 packet") states.
The correct way would be to pass the wrb_params from be_xmit().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's be2net driver, a NULL pointer dereference vulnerability exists when sending packets to BMC, potentially leading to a system crash.
In the Linux kernel's be2net driver, a NULL pointer dereference vulnerability affects the processing of packets sent to the Baseboard Management Controller (BMC). The function be_insert_vlan_in_pkt() is called with a NULL wrb_params argument at the be_send_pkt_to_bmc() call site, which may lead to a NULL pointer dereference when handling a workaround for a specific IPv6 packet [1].
To exploit this vulnerability, an attacker needs to trigger the specific packet condition that invokes the workaround path. This could potentially be achieved by sending crafted network packets to the system, though the exact prerequisites are not detailed. The issue does not require authentication if the attacker can control network traffic reaching the affected driver [1].
A successful exploitation could cause a kernel NULL pointer dereference, leading to a system crash or denial of service. No further impact such as code execution is described in the source [1].
The vulnerability is fixed in updated Linux kernel stable releases. The commit referenced addresses the issue by ensuring wrb_params is properly passed from be_xmit(). System administrators should apply the latest kernel updates to mitigate this vulnerability [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
848d59b60dd5df499dfa5c98e630360c6724e012ee5882b18ce0a3699244a1ecd86ec6efd4c4741f6e7f27d277a7a5857Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- git.kernel.org/stable/c/012ee5882b1830db469194466a210768ed207388nvd
- git.kernel.org/stable/c/1ecd86ec6efddb59a10c927e8e679f183bb9113envd
- git.kernel.org/stable/c/48d59b60dd5d7e4c48c077a2008c9dcd7b59bdfenvd
- git.kernel.org/stable/c/4c4741f6e7f2fa4e1486cb61e1c15b9236ec134dnvd
- git.kernel.org/stable/c/630360c6724e27f1aa494ba3fffe1e38c4205284nvd
- git.kernel.org/stable/c/7d277a7a58578dd62fd546ddaef459ec24ccae36nvd
- git.kernel.org/stable/c/ce0a3699244aca3acb659f143c9cb1327b210f89nvd
- git.kernel.org/stable/c/f499dfa5c98e92e72dd454eb95a1000a448f3405nvd
News mentions
0No linked articles in our index yet.