CVE-2025-40236

{"id": "CVE-2025-40236", "cveTags": [], "metrics": {}, "published": "2025-12-04T16:16:16.567", "references": [{"url": "https://git.kernel.org/stable/c/b2284768c6b32aa224ca7d0ef0741beb434f03aa", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b625d231c66a6041e98817ffc944bf6e4c45b2e3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Deferred", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: zero unused hash fields\n\nWhen GSO tunnel is negotiated virtio_net_hdr_tnl_from_skb() tries to\ninitialize the tunnel metadata but forget to zero unused rxhash\nfields. This may leak information to another side. Fixing this by\nzeroing the unused hash fields."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}