Bug 2420419 (CVE-2025-40337) - CVE-2025-40337 kernel: net: stmmac: Correctly handle Rx checksum offload errors
Summary: CVE-2025-40337 kernel: net: stmmac: Correctly handle Rx checksum offload errors
Keywords:
Status: NEW
Alias: CVE-2025-40337
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-12-09 05:02 UTC by OSIDB Bzimport
Modified: 2025-12-11 14:39 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-12-09 05:02:12 UTC 
In the Linux kernel, the following vulnerability has been resolved:

net: stmmac: Correctly handle Rx checksum offload errors

The stmmac_rx function would previously set skb->ip_summed to
CHECKSUM_UNNECESSARY if hardware checksum offload (CoE) was enabled
and the packet was of a known IP ethertype.

However, this logic failed to check if the hardware had actually
reported a checksum error. The hardware status, indicating a header or
payload checksum failure, was being ignored at this stage. This could
cause corrupt packets to be passed up the network stack as valid.

This patch corrects the logic by checking the `csum_none` status flag,
which is set when the hardware reports a checksum error. If this flag
is set, skb->ip_summed is now correctly set to CHECKSUM_NONE,
ensuring the kernel's network stack will perform its own validation and
properly handle the corrupt packet.
Comment 1 Alexander B 2025-12-09 13:14:54 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025120911-CVE-2025-40337-d3bd@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.