DEBIAN-CVE-2025-40266
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Check the untrusted offset in FF-A memory share

Verify the offset to prevent OOB access in the hypervisor FF-A buffer in case an untrusted large enough value [U32_MAX - sizeof(struct ffa_composite_mem_region) + 1, U32_MAX] is set from the host kernel.
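The value range quoted above is exactly the set of offsets for which `offset + sizeof(...)` wraps past U32_MAX. The following C sketch is an added illustration, not the kernel's code or the upstream patch: the struct layout, the function names and the assumption that the sum is computed in 32-bit arithmetic are hypothetical, chosen to show the bug class and an overflow-safe bound.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for struct ffa_composite_mem_region (layout assumed). */
struct composite_region {
    uint32_t total_pg_cnt;
    uint32_t addr_range_cnt;
    uint64_t reserved;
};

/* Flawed pattern: the end position is computed in 32 bits, so an offset in
 * [UINT32_MAX - sizeof + 1, UINT32_MAX] wraps to a small value and passes. */
static bool offset_ok_wrapping(uint32_t offset, uint32_t buf_len)
{
    uint32_t end = offset + (uint32_t)sizeof(struct composite_region);
    return end <= buf_len;
}

/* Overflow-safe pattern: never add to the untrusted offset; compare it
 * against the space that remains once the header size is subtracted. */
static bool offset_ok_checked(uint32_t offset, uint32_t buf_len)
{
    if (buf_len < sizeof(struct composite_region))
        return false;
    return offset <= buf_len - sizeof(struct composite_region);
}

int main(void)
{
    const uint32_t buf_len = 4096; /* constructed buffer size */
    const uint32_t hdr = (uint32_t)sizeof(struct composite_region);
    /* Constructed offsets: in range, and both ends of the wrapping window. */
    const uint32_t samples[] = { 0, buf_len - hdr, buf_len - hdr + 1,
                                 UINT32_MAX - hdr, UINT32_MAX - hdr + 1,
                                 UINT32_MAX };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("offset=0x%08x wrapping=%d checked=%d\n", samples[i],
               offset_ok_wrapping(samples[i], buf_len),
               offset_ok_checked(samples[i], buf_len));
    return 0;
}
```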
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | linux | 0, 6.12.38-1, 6.12.43-1 |
| Debian:11 | linux | *, 6.16.3-1~bpo13+1, 6.16.5-1 |
| Debian:12 | linux | 6.1.106-1, 6.1.106-3, 6.1.119-1 |
| Debian:13 | linux | 6.12.38-1, 6.12.41-1, 6.12.43-1 |
Timeline
- Dec 4, 2025 CVE Published
- Apr 28, 2026 CVE Updated