Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak — CVE-2025-40035

Summary

Advisory CVE-2025-40035. Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak Vendor: Microsoft. Source: MSRC. Threat: high. CVSS 7.1. See the official advisory for details.

What to do

General, cautious steps (verify details in the official source):

• Prioritize patching or mitigation immediately (treat as actively risky).
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() CVE-2025-40082
• vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check CVE-2023-53543
• .NET Elevation of Privilege Vulnerability CVE-2025-55247
• af_unix: Fix null-ptr-deref in unix_stream_sendpage(). CVE-2023-53469
• ALPN negotiation error contains attacker controlled information in crypto/tls CVE-2025-58189
• AMD CVE-2025-0033: RMP Corruption During SNP Initialization CVE-2025-0033
• Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability CVE-2025-47989
• Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability CVE-2025-58724
• astral-tokio-tar Vulnerable to PAX Header Desynchronization CVE-2025-62518
• Azure Compute Gallery Elevation of Privilege Vulnerability CVE-2025-59292
• Azure Event Grid System Elevation of Privilege Vulnerability CVE-2025-59273
• Azure Local Elevation of Privilege Vulnerability CVE-2025-55697