CVE-2025-40135

Summary

In the Linux kernel, the following vulnerability has been resolved:

ipv6: use RCU in ip6_xmit()

Use RCU in ip6_xmit() in order to use dst_dev_rcu() to prevent possible UAF.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 < f0a54d00d2f36de40266f47c27989853e8588656affected
LinuxLinux4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 < f69fec6287565fdeb61f65e700a1184352306943affected
LinuxLinux4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 < bd0905e2122e3680968cd0741966983490bf2ed3affected
LinuxLinux4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 < f7f9e924f23684b4b23cd9f976cceab24a968e34affected
LinuxLinux4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 < 9085e56501d93af9f2d7bd16f7fcfacdde47b99caffected
LinuxLinux4.13affected
LinuxLinux0 < 4.13unaffected
LinuxLinux6.1.167 <= 6.1.*unaffected
LinuxLinux6.6.130 <= 6.6.*unaffected
LinuxLinux6.12.78 <= 6.12.*unaffected
LinuxLinux6.17.3 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References