Detections
Analytics

CVE-2025-40117

medium

Description

In the Linux kernel, the following vulnerability has been resolved: misc: pci_endpoint_test: Fix array underflow in pci_endpoint_test_ioctl() Commit eefb83790a0d ("misc: pci_endpoint_test: Add doorbell test case") added NO_BAR (-1) to the pci_barno enum which, in practical terms, changes the enum from an unsigned int to a signed int. If the user passes a negative number in pci_endpoint_test_ioctl() then it results in an array underflow in pci_endpoint_test_bar().

References

https://git.kernel.org/stable/c/6df3687922570f753574c40b35e83b26b32292d0

https://git.kernel.org/stable/c/1ad82f9db13d85667366044acdfb02009d576c5a

Details

Source: Mitre, NVD

Published: 2025-11-12

Updated: 2025-11-12

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 6.6

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

Severity: Medium

EPSS

EPSS: 0.00018