You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2025 40081
About this tag
CVE-2025-40081 is a Linux kernel vulnerability in the ARM Statistical Profiling Extension (SPE) perf driver. It involves a numeric overflow in the PERF_IDX2OFF macro that can miscompute buffer offsets for large AUX buffers (2 GiB or larger), potentially leading to kernel instability. The fix is a one-line cast change that converts the buffer pages count to an unsigned long before the left-shift operation, preventing wraparound. The upstream commit has been backported to multiple stable kernel trees. This tag covers discussions about the vulnerability, its root cause, and the patch applied across Linux stable branches.
A small, surgical change to the Linux kernel’s ARM SPE perf driver closed CVE-2025-40081 — a numeric overflow in the PERF_IDX2OFF macro that could miscompute buffer offsets for large AUX buffers (>= 2 GiB) and lead to kernel instability. The fix casts the buffer pages count to an unsigned long...