CVE-2025-40035
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-28

Last updated on: 2025-10-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak Struct ff_effect_compat is embedded twice inside uinput_ff_upload_compat, contains internal padding. In particular, there is a hole after struct ff_replay to satisfy alignment requirements for the following union member. Without clearing the structure, copy_to_user() may leak stack data to userspace. Initialize ff_up_compat to zero before filling valid fields.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-28
Last Modified
2025-10-30
Generated
2026-06-16
AI Q&A
2025-10-28
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40035
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel involves the uinput subsystem where the structure uinput_ff_upload_compat was not zero-initialized before use. Because the structure contains internal padding and is embedded twice, uninitialized memory (stack data) could be leaked to userspace via the copy_to_user() function. The fix was to zero-initialize the structure before filling it with valid data to prevent this information leak.

Impact Analysis

This vulnerability can lead to an information leak where sensitive data from the kernel stack could be exposed to userspace processes. This could potentially allow an attacker to gain unauthorized access to sensitive information, which might be used to further exploit the system or compromise security.

Mitigation Strategies

Apply the patch or update to the Linux kernel version that includes the fix for zero-initializing uinput_ff_upload_compat to prevent information leakage. This involves ensuring that ff_up_compat is zero-initialized before filling valid fields to avoid leaking stack data to userspace.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40035. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart