CVE-2025-40074

Linux Kernel 4.13-6.17.3 - Use-After-Free in IPv4 Functions

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dst_dev_rcu() Change icmpv4_xrlim_allow(), ip_defrag() to prevent possible UAF. Change ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_mr_output(), ipv4_neigh_lookup() to use lockdep enabled dst_dev_rcu().

Scores

EPSS 0.0017
EPSS Percentile 6.6%

Details

Status published
Products (7)
linux/Kernel 4.13.0 - 6.17.3linux
Linux/Linux < 4.13
Linux/Linux 4.13
Linux/Linux 4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 - 6ad8de3cefdb6ffa6708b21c567df0dbf82c43a8
Linux/Linux 4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 - 923e0734c386984d45de508528a7a7ad91d791cc
Linux/Linux 6.17.3 - 6.17.*
Linux/Linux 6.18
Published Oct 28, 2025
Tracked Since Feb 18, 2026