Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2025-40020— can: peak_usb: fix shift-out-of-bounds issue

AI Predicted 5.5 Difficulty: Moderate EPSS 0.07% · P21

Affected Version Matrix 18

VendorProductVersion RangeStatus
LinuxLinuxbb4785551f64e18b2c8bb15a3bd2b22f5ebf624d< 572c656802781cc57f4a3231eefa83547e75ed78affected
bb4785551f64e18b2c8bb15a3bd2b22f5ebf624d< 61b1dd4c614935169d12bdecc26906e37b508618affected
bb4785551f64e18b2c8bb15a3bd2b22f5ebf624d< 48822a59ecc47d353400d38b1941d3ae7591ffffaffected
bb4785551f64e18b2c8bb15a3bd2b22f5ebf624d< 176c81cbf9c4e348610a421aad800087c0401f60affected
bb4785551f64e18b2c8bb15a3bd2b22f5ebf624d< 17edec1830e48c0becd61642d0e40bc753243b16affected
bb4785551f64e18b2c8bb15a3bd2b22f5ebf624d< eb79ed970670344380e77d62f8188e8015648d94affected
bb4785551f64e18b2c8bb15a3bd2b22f5ebf624d< 394c58017e5f41043584c345106cae16a4613710affected
bb4785551f64e18b2c8bb15a3bd2b22f5ebf624d< c443be70aaee42c2d1d251e0329e0a69dd96ae54affected
… +10 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-40020

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
can: peak_usb: fix shift-out-of-bounds issue
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix shift-out-of-bounds issue Explicitly uses a 64-bit constant when the number of bits used for its shifting is 32 (which is the case for PC CAN FD interfaces supported by this driver). [mkl: update subject, apply manually]
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于移位操作超出边界,可能导致内存损坏。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux bb4785551f64e18b2c8bb15a3bd2b22f5ebf624d ~ 572c656802781cc57f4a3231eefa83547e75ed78 -
LinuxLinux 3.4 -

II. Public POCs for CVE-2025-40020

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-40020

登录查看更多情报信息。

Same Patch Batch · Linux · 2025-10-24 · 8 CVEs total

CVE-2023-53733net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode
CVE-2025-40018ipvs: Defer ip_vs_ftp unregister during netns cleanup
CVE-2025-40019crypto: essiv - Check ssize for decryption and in-place encryption
CVE-2025-40021tracing: dynevent: Add a missing lockdown check on dynevent
CVE-2025-40022crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
CVE-2025-40023drm/xe/vf: Don't expose sysfs attributes not applicable for VFs
CVE-2025-40024vhost: Take a reference on the task in struct vhost_task.

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2025-40020

No comments yet

Leave a comment