{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-40279", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.184Z", "datePublished": "2025-12-06T21:51:03.010Z", "dateUpdated": "2026-05-11T21:46:16.602Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:46:16.602Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: act_connmark: initialize struct tc_ife to fix kernel leak\n\nIn tcf_connmark_dump(), the variable 'opt' was partially initialized using a\ndesignatied initializer. While the padding bytes are reamined\nuninitialized. nla_put() copies the entire structure into a\nnetlink message, these uninitialized bytes leaked to userspace.\n\nInitialize the structure with memset before assigning its fields\nto ensure all members and padding are cleared prior to beign copied."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/sched/act_connmark.c"], "versions": [{"version": "22a5dc0e5e3e8fef804230cd73ed7b0afd4c7bae", "lessThan": "218b67c8c8246d47a2a7910eae80abe4861fe2b7", "status": "affected", "versionType": "git"}, {"version": "22a5dc0e5e3e8fef804230cd73ed7b0afd4c7bae", "lessThan": "73cc56c608c209d3d666cc571293b090a471da70", "status": "affected", "versionType": "git"}, {"version": "22a5dc0e5e3e8fef804230cd73ed7b0afd4c7bae", "lessThan": "31e4aa93e2e5b5647fc235b0f6ee329646878f9e", "status": "affected", "versionType": "git"}, {"version": "22a5dc0e5e3e8fef804230cd73ed7b0afd4c7bae", "lessThan": "51cb05d4fd632596816ba44e882e84db9fb28a7e", "status": "affected", "versionType": "git"}, {"version": "22a5dc0e5e3e8fef804230cd73ed7b0afd4c7bae", "lessThan": "25837889ec062f2b7618142cd80253dff3da5343", "status": "affected", "versionType": "git"}, {"version": "22a5dc0e5e3e8fef804230cd73ed7b0afd4c7bae", "lessThan": "62b656e43eaeae445a39cd8021a4f47065af4389", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/sched/act_connmark.c"], "versions": [{"version": "4.0", "status": "affected"}, {"version": "0", "lessThan": "4.0", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.197", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.159", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.117", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.59", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.9", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "5.15.197"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.1.159"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.6.117"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.12.59"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.17.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/218b67c8c8246d47a2a7910eae80abe4861fe2b7"}, {"url": "https://git.kernel.org/stable/c/73cc56c608c209d3d666cc571293b090a471da70"}, {"url": "https://git.kernel.org/stable/c/31e4aa93e2e5b5647fc235b0f6ee329646878f9e"}, {"url": "https://git.kernel.org/stable/c/51cb05d4fd632596816ba44e882e84db9fb28a7e"}, {"url": "https://git.kernel.org/stable/c/25837889ec062f2b7618142cd80253dff3da5343"}, {"url": "https://git.kernel.org/stable/c/62b656e43eaeae445a39cd8021a4f47065af4389"}], "title": "net: sched: act_connmark: initialize struct tc_ife to fix kernel leak", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: act_connmark: initialize struct tc_ife to fix kernel leak\n\nIn tcf_connmark_dump(), the variable 'opt' was partially initialized using a\ndesignatied initializer. While the padding bytes are reamined\nuninitialized. nla_put() copies the entire structure into a\nnetlink message, these uninitialized bytes leaked to userspace.\n\nInitialize the structure with memset before assigning its fields\nto ensure all members and padding are cleared prior to beign copied."}], "id": "CVE-2025-40279", "lastModified": "2026-04-15T00:35:42.020", "metrics": {}, "published": "2025-12-06T22:15:55.843", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/218b67c8c8246d47a2a7910eae80abe4861fe2b7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/25837889ec062f2b7618142cd80253dff3da5343"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/31e4aa93e2e5b5647fc235b0f6ee329646878f9e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/51cb05d4fd632596816ba44e882e84db9fb28a7e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/62b656e43eaeae445a39cd8021a4f47065af4389"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/73cc56c608c209d3d666cc571293b090a471da70"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: net: sched: act_connmark: initialize struct tc_ife to fix kernel leak", "id": "2419842", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419842"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: sched: act_connmark: initialize struct tc_ife to fix kernel leak\nIn tcf_connmark_dump(), the variable 'opt' was partially initialized using a\ndesignatied initializer. While the padding bytes are reamined\nuninitialized. nla_put() copies the entire structure into a\nnetlink message, these uninitialized bytes leaked to userspace.\nInitialize the structure with memset before assigning its fields\nto ensure all members and padding are cleared prior to beign copied."], "name": "CVE-2025-40279", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-40279\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40279\nhttps://lore.kernel.org/linux-cve-announce/2025120717-CVE-2025-40279-81d3@gregkh/T"], "threat_severity": "Important"}

{}