Linux Kernel DRM/VMWGFX Header Size Validation vs SVGA_CMD_MAX_DATASIZE -> OOB
CVE-2025-40277 Published on December 6, 2025
drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
This data originates from userspace and is used in buffer offset calculations which could potentially overflow, causing an out-of-bounds access.
Products Associated with CVE-2025-40277: Linux Kernel, Canonical Ubuntu Linux.
Affected Versions
Linux:
- From commit 8ce75f8ab9044fe11caaaf2b2c82471023212f9f up to but not including commit e58559845021c3bad5e094219378b869157fad53: affected.
- From commit 8ce75f8ab9044fe11caaaf2b2c82471023212f9f up to but not including commit 54d458b244893e47bda52ec3943fdfbc8d7d068b: affected.
- From commit 8ce75f8ab9044fe11caaaf2b2c82471023212f9f up to but not including commit 709e5c088f9c99a5cf2c1d1c6ce58f2cca7ab173: affected.
- From commit 8ce75f8ab9044fe11caaaf2b2c82471023212f9f up to but not including commit a3abb54c27b2c393c44362399777ad2f6e1ff17e: affected.
- From commit 8ce75f8ab9044fe11caaaf2b2c82471023212f9f up to but not including commit b5df9e06eed3df6a4f5c6f8453013b0cabb927b4: affected.
- From commit 8ce75f8ab9044fe11caaaf2b2c82471023212f9f up to but not including commit 5aea2cde03d4247cdcf53f9ab7d0747c9dca1cfc: affected.
- From commit 8ce75f8ab9044fe11caaaf2b2c82471023212f9f up to but not including commit f3f3a8eb3f0ba799fae057091d8c67cca12d6fa0: affected.
- From commit 8ce75f8ab9044fe11caaaf2b2c82471023212f9f up to but not including commit 32b415a9dc2c212e809b7ebc2b14bc3fbda2b9af: affected.
- Version 4.3 is affected.
- Before 4.3 is unaffected.
- 5.4.302 and later 5.4.* releases: unaffected.
- 5.10.247 and later 5.10.* releases: unaffected.
- 5.15.197 and later 5.15.* releases: unaffected.
- 6.1.159 and later 6.1.* releases: unaffected.
- 6.6.117 and later 6.6.* releases: unaffected.
- 6.12.59 and later 6.12.* releases: unaffected.
- 6.17.9 and later 6.17.* releases: unaffected.
- 6.18 and later: unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.