{"id":"CVE-2025-40193","summary":"xtensa: simdisk: add input size check in proc_write_simdisk","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nxtensa: simdisk: add input size check in proc_write_simdisk\n\nA malicious user could pass an arbitrarily bad size value\nto memdup_user_nul(), potentially causing a kernel crash.\n\nThis follows the same pattern as commit ee76746387f6\n(\"netdevsim: prevent bad user input in nsim_dev_health_break_write()\")","modified":"2026-03-20T12:43:12.776816Z","published":"2025-11-12T21:56:31.751Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40193.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/151bd88859474cdaccc1e4c8b21fbf72dbba2ab4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5d5f08fd0cd970184376bee07d59f635c8403f63"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a0c2c36d864ef3676b05cfd8c58b72ee3214cb1a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d381de7fd4cdc928ede96987dc64b133e6480dd6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f40405ccfb87b71175f2d5d004c0b8a0aebcc2cf"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40193.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40193"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"b6c7e873daf765e41233b9752083b66442703b7a"},{"fixed":"f40405ccfb87b71175f2d5d004c0b8a0aebcc2cf"},{"fixed":"151bd88859474cdaccc1e4c8b21fbf72dbba2ab4"},{"fixed":"d381de7fd4cdc928ede96987dc64b133e6480dd6"},{"fixed":"a0c2c36d864ef3676b05cfd8c58b72ee3214cb1a"},{"fixed":"5d5f08fd0cd970184376bee07d59f635c8403f63"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40193.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.9.0"},{"fixed":"6.1.157"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.113"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.54"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40193.json"}}],"schema_version":"1.7.5"}