CVE-2025-40337
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Correctly handle Rx checksum offload errors The stmmac_rx function would previously set skb->ip_summed to CHECKSUM_UNNECESSARY if hardware checksum offload (CoE) was enabled and the packet was of a known IP ethertype. However, this logic failed to check if the hardware had actually reported a checksum error. The hardware status, indicating a header or payload checksum failure, was being ignored at this stage. This could cause corrupt packets to be passed up the network stack as valid. This patch corrects the logic by checking the `csum_none` status flag, which is set when the hardware reports a checksum error. If this flag is set, skb->ip_summed is now correctly set to CHECKSUM_NONE, ensuring the kernel's network stack will perform its own validation and properly handle the corrupt packet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-05-07
AI Q&A
2025-12-09
EPSS Evaluated
2026-05-05
NVD
CVE-2025-40337
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel's stmmac network driver involves improper handling of hardware checksum offload errors. Previously, the driver would mark packets as having valid checksums without verifying if the hardware reported any checksum errors. As a result, corrupt packets with checksum errors could be passed up the network stack as if they were valid. The fix ensures that when the hardware indicates a checksum error, the kernel marks the packet to require software checksum validation, preventing corrupt packets from being treated as valid.


How can this vulnerability impact me? :

This vulnerability can lead to corrupt network packets being accepted as valid by the Linux kernel's network stack. This may cause data integrity issues, potential application errors, or security risks if corrupted data is processed without detection.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update your Linux kernel to a version that includes the patch correcting the handling of Rx checksum offload errors in the stmmac driver. This patch ensures that checksum errors reported by hardware are properly handled, preventing corrupt packets from being accepted as valid.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart