CVE-2025-40035

描述

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak Struct ff_effect_compat is embedded twice inside uinput_ff_upload_compat, contains internal padding. In particular, there is a hole after struct ff_replay to satisfy alignment requirements for the following union member. Without clearing the structure, copy_to_user() may leak stack data to userspace. Initialize ff_up_compat to zero before filling valid fields.

受影響套件(2)

• Debian/linuxfrom 0, < 5.10.247-1
• Debian/linux-6.1from 0, < 6.1.158-1~deb11u1

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-40035