CVE-2025-40192
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-14

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: Revert "ipmi: fix msg stack when IPMI is disconnected" This reverts commit c608966f3f9c2dca596967501d00753282b395fc. This patch has a subtle bug that can cause the IPMI driver to go into an infinite loop if the BMC misbehaves in a certain way. Apparently certain BMCs do misbehave this way because several reports have come in recently about this.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-12
Last Modified
2025-11-14
Generated
2026-06-16
AI Q&A
2025-11-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40192
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's IPMI driver. A patch intended to fix message stack handling when IPMI is disconnected was reverted because it contained a subtle bug. This bug can cause the IPMI driver to enter an infinite loop if the Baseboard Management Controller (BMC) misbehaves in a specific way. Some BMCs have been reported to misbehave like this, leading to the issue.

Impact Analysis

If the BMC misbehaves as described, the IPMI driver in the Linux kernel can enter an infinite loop. This could potentially lead to system instability or resource exhaustion, affecting system availability and performance.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40192. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart