CVE-2025-40158
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: use RCU in ip6_output()
Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF.
We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 < 0393f85c3241c19ba8550f04a812e7d19f6b3082 | affected |
| Linux | Linux | 4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 < 11709573cc4e48dc34c80fc7ab9ce5b159e29695 | affected |
| Linux | Linux | 4.13 | affected |
| Linux | Linux | 0 < 4.13 | unaffected |
| Linux | Linux | 6.17.3 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/0393f85c3241c19ba8550f04a812e7d19f6b3082
- https://git.kernel.org/stable/c/11709573cc4e48dc34c80fc7ab9ce5b159e29695
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.