CVE-2025-40074
Linux Kernel 4.13-6.17.3 - Use-After-Free in IPv4 Functions
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dst_dev_rcu() Change icmpv4_xrlim_allow(), ip_defrag() to prevent possible UAF. Change ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_mr_output(), ipv4_neigh_lookup() to use lockdep enabled dst_dev_rcu().
References (2)
Core 2
Scores
EPSS
0.0017
EPSS Percentile
6.6%
Details
Status
published
Products (7)
linux/Kernel
4.13.0 - 6.17.3linux
Linux/Linux
< 4.13
Linux/Linux
4.13
Linux/Linux
4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 - 6ad8de3cefdb6ffa6708b21c567df0dbf82c43a8
Linux/Linux
4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 - 923e0734c386984d45de508528a7a7ad91d791cc
Linux/Linux
6.17.3 - 6.17.*
Linux/Linux
6.18
Published
Oct 28, 2025
Tracked Since
Feb 18, 2026