{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-40277","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T07:20:57.184Z","datePublished":"2025-12-06T21:51:00.437Z","dateUpdated":"2026-05-11T21:46:14.324Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:46:14.324Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE\n\nThis data originates from userspace and is used in buffer offset\ncalculations which could potentially overflow causing an out-of-bounds\naccess."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c"],"versions":[{"version":"8ce75f8ab9044fe11caaaf2b2c82471023212f9f","lessThan":"e58559845021c3bad5e094219378b869157fad53","status":"affected","versionType":"git"},{"version":"8ce75f8ab9044fe11caaaf2b2c82471023212f9f","lessThan":"54d458b244893e47bda52ec3943fdfbc8d7d068b","status":"affected","versionType":"git"},{"version":"8ce75f8ab9044fe11caaaf2b2c82471023212f9f","lessThan":"709e5c088f9c99a5cf2c1d1c6ce58f2cca7ab173","status":"affected","versionType":"git"},{"version":"8ce75f8ab9044fe11caaaf2b2c82471023212f9f","lessThan":"a3abb54c27b2c393c44362399777ad2f6e1ff17e","status":"affected","versionType":"git"},{"version":"8ce75f8ab9044fe11caaaf2b2c82471023212f9f","lessThan":"b5df9e06eed3df6a4f5c6f8453013b0cabb927b4","status":"affected","versionType":"git"},{"version":"8ce75f8ab9044fe11caaaf2b2c82471023212f9f","lessThan":"5aea2cde03d4247cdcf53f9ab7d0747c9dca1cfc","status":"affected","versionType":"git"},{"version":"8ce75f8ab9044fe11caaaf2b2c82471023212f9f","lessThan":"f3f3a8eb3f0ba799fae057091d8c67cca12d6fa0","status":"affected","versionType":"git"},{"version":"8ce75f8ab9044fe11caaaf2b2c82471023212f9f","lessThan":"32b415a9dc2c212e809b7ebc2b14bc3fbda2b9af","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c"],"versions":[{"version":"4.3","status":"affected"},{"version":"0","lessThan":"4.3","status":"unaffected","versionType":"semver"},{"version":"5.4.302","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.247","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.197","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.159","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.117","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.59","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.9","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"5.4.302"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"5.10.247"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"5.15.197"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"6.1.159"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"6.6.117"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"6.12.59"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"6.17.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"6.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e58559845021c3bad5e094219378b869157fad53"},{"url":"https://git.kernel.org/stable/c/54d458b244893e47bda52ec3943fdfbc8d7d068b"},{"url":"https://git.kernel.org/stable/c/709e5c088f9c99a5cf2c1d1c6ce58f2cca7ab173"},{"url":"https://git.kernel.org/stable/c/a3abb54c27b2c393c44362399777ad2f6e1ff17e"},{"url":"https://git.kernel.org/stable/c/b5df9e06eed3df6a4f5c6f8453013b0cabb927b4"},{"url":"https://git.kernel.org/stable/c/5aea2cde03d4247cdcf53f9ab7d0747c9dca1cfc"},{"url":"https://git.kernel.org/stable/c/f3f3a8eb3f0ba799fae057091d8c67cca12d6fa0"},{"url":"https://git.kernel.org/stable/c/32b415a9dc2c212e809b7ebc2b14bc3fbda2b9af"}],"title":"drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE","x_generator":{"engine":"bippy-1.2.0"}}}}