VDB
DEBIAN-CVE-2025-40187
DEBIAN-CVE-2025-40187
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() If new_asoc->peer.adaptation_ind=0 and sctp_ulpevent_make_authkey=0 and sctp_ulpevent_make_authkey() returns 0, then the variable ai_ev remains zero and the zero will be dereferenced in the sctp_ulpevent_free() function.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | linux | 6.12.57-1, 6.12.48-1, 6.12.43-1 |
| Debian:11 | linux | 5.10.234-1, 5.10.226-1, 5.10.223-1 |
| Debian:11 | linux-6.1 | 6.1.112-1~deb11u1, 0, 6.1.106-3~deb11u2 |
| Debian:14 | linux | 6.14.5-1, 6.12.38-1, 6.12.43-1~bpo12+1 |
| Debian:12 | linux | 6.1.106-1, 6.1.99-1, 6.1.98-1 |
Exploit Intelligence
- 4081.3.7.yml (github-poc)
Timeline
- Nov 12, 2025 CVE Published
- Apr 28, 2026 CVE Updated