Unrated severity · NVD Advisory · Published Dec 9, 2025 · Updated Apr 15, 2026

CVE-2025-40337

Description

In the Linux kernel, the following vulnerability has been resolved:

net: stmmac: Correctly handle Rx checksum offload errors

The stmmac_rx function would previously set skb->ip_summed to CHECKSUM_UNNECESSARY if hardware checksum offload (CoE) was enabled and the packet was of a known IP ethertype.

However, this logic failed to check if the hardware had actually reported a checksum error. The hardware status, indicating a header or payload checksum failure, was being ignored at this stage. This could cause corrupt packets to be passed up the network stack as valid.

This patch corrects the logic by checking the csum_none status flag, which is set when the hardware reports a checksum error. If this flag is set, skb->ip_summed is now correctly set to CHECKSUM_NONE, ensuring the kernel's network stack will perform its own validation and properly handle the corrupt packet.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel's stmmac driver, Rx checksum offload errors were ignored, allowing corrupt packets to be passed as valid; fixed by checking the hardware error flag.

Vulnerability

Overview

The Linux kernel's stmmac network driver, used for STMicroelectronics Ethernet controllers, contained a flaw in its receive path. When hardware checksum offload (CoE) was enabled and a packet had a known IP ethertype, the stmmac_rx function unconditionally set skb->ip_summed to CHECKSUM_UNNECESSARY. This logic failed to verify whether the hardware had actually reported a checksum error, meaning corrupt packets could be passed up the network stack as if they were valid [1].

Exploitation

Prerequisites

An attacker would need to send packets with intentionally corrupted checksums to a system using the stmmac driver with hardware checksum offload enabled. No authentication is required; the attack is purely network-based. The vulnerability affects the kernel's handling of received frames, so the attacker must be able to deliver malicious packets to the target interface.

Impact

If exploited, the kernel would treat corrupt packets as having valid checksums, potentially leading to data corruption, incorrect protocol processing, or further exploitation of higher-layer vulnerabilities. The fix ensures that when the hardware sets the csum_none status flag (indicating a checksum error), skb->ip_summed is set to CHECKSUM_NONE, forcing the kernel to perform its own validation and properly handle the corrupt packet [1].
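
The receive-path decision described in the Description and the Vulnerability Overview above, as an added user-space C model (not the kernel's code and not the fix commit). The helper names, the bit value of `RX_CSUM_NONE`, and the sample UDP segment are assumptions constructed for illustration, and the "stack" is reduced to a single transport-checksum check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum { CHECKSUM_NONE = 0, CHECKSUM_UNNECESSARY = 1 }; /* model of skb->ip_summed */
enum { RX_CSUM_NONE = 0x2 }; /* constructed stand-in for the csum_none status flag */

/* Pre-fix: CoE plus a known IP ethertype was enough; hardware status was not consulted. */
static int ip_summed_before(bool coe, bool ip_ethertype)
{
    return (coe && ip_ethertype) ? CHECKSUM_UNNECESSARY : CHECKSUM_NONE;
}

/* Post-fix: a hardware-reported checksum error hands validation back to software. */
static int ip_summed_after(bool coe, bool ip_ethertype, unsigned status)
{
    bool hw_ok = coe && ip_ethertype && !(status & RX_CSUM_NONE);
    return hw_ok ? CHECKSUM_UNNECESSARY : CHECKSUM_NONE;
}

/* RFC 1071 ones'-complement checksum over an even-length buffer; 0 means it verifies. */
static uint16_t inet_csum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Simplified stack: trust the driver's verdict, otherwise verify in software. */
static bool stack_accepts(int ip_summed, const uint8_t seg[24])
{
    return ip_summed == CHECKSUM_UNNECESSARY || inet_csum(seg, 24) == 0;
}

/* Constructed UDP pseudo-header + datagram: [0] valid (checksum 0x63f8), [1] last byte altered. */
static const uint8_t segs[2][24] = {
    { 0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02, 0x00,0x11,0x00,0x0c,
      0x10,0x00,0x20,0x00, 0x00,0x0c,0x63,0xf8, 0x74,0x65,0x73,0x74 },
    { 0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02, 0x00,0x11,0x00,0x0c,
      0x10,0x00,0x20,0x00, 0x00,0x0c,0x63,0xf8, 0x74,0x65,0x73,0x75 } };

int main(void)
{
    printf("corrupt segment accepted: pre-fix=%d post-fix=%d\n",
           stack_accepts(ip_summed_before(true, true), segs[1]),
           stack_accepts(ip_summed_after(true, true, RX_CSUM_NONE), segs[1]));
    return 0;
}
```

A valid segment is still accepted after the fix even when the error flag is set, because the software check then decides on the packet's actual contents.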

Mitigation

The vulnerability is patched in the Linux kernel stable tree via commit ee0aace5f844. Users should update their kernel to include this fix. No workaround is mentioned; disabling hardware checksum offload may reduce risk but is not a complete mitigation.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • Linux/Kernel (inferred, 2 versions)
    • (no CPE)
    • (no CPE), range: >=1aa319e0f12d, <719fcdf29051
