CVE-2025-40170

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: use dst_dev_rcu() in sk_setup_caps()

Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size().

Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(), and ip_dst_mtu_maybe_forward().

ip4_dst_hoplimit() can use dst_dev_net_rcu().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 < 5d1be493d1110c9e720b4c51a6e587bb2fb4ac12affected
LinuxLinux4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 < a805729c0091073d8f0415cfa96c7acd1bc17a48affected
LinuxLinux4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 < 99a2ace61b211b0be861b07fbaa062fca4b58879affected
LinuxLinux4.13affected
LinuxLinux0 < 4.13unaffected
LinuxLinux6.12.64 <= 6.12.*unaffected
LinuxLinux6.17.3 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References