CVE-2025-40071

Related CVE by CWE

No closely related CVE found.

Risk snapshot

EPSS: n/a   |   KEV: not listed

Related CVE by CWE

No related CWE found.

Top CVE for Vendor

No vendor taxonomy on this entry.

Recently Exploited Similar Vulnerabilities

No recent KEV-listed items for this vendor/product.

In the Linux kernel, the following vulnerability has been resolved:

tty: n_gsm: Don’t block input queue by waiting MSC

Currently gsm_queue() processes incoming frames and when opening
a DLC channel it calls gsm_dlci_open() which calls gsm_modem_update().
If basic mode is used it calls gsm_modem_upd_via_msc() and it
cannot block the input queue by waiting the response to come
into the same input queue.

Instead allow sending Modem Status Command without waiting for remote
end to respond. Define a new function gsm_modem_send_initial_msc()
for this purpose. As MSC is only valid for basic encoding, it does
not do anything for advanced or when convergence layer type 2 is used.

🧠 Explainer: What this vulnerability means

Summary: The issue in the product by the vendor (CWE: unspecified) may enable attacks.

Impact: Systems could be compromised, leading to confidentiality, integrity, or availability loss.

Mitigation: Upgrade immediately to the remediated release and follow vendor hardening guidance.