CVE-2025-40158

Linux Kernel 4.13-6.17.2 - Use-After-Free in ip6_output

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2().

Scores

EPSS 0.0021
EPSS Percentile 11.5%

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (7)
linux/Kernel 4.13.0 - 6.17.3linux
Linux/Linux < 4.13
Linux/Linux 4.13
Linux/Linux 4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 - 0393f85c3241c19ba8550f04a812e7d19f6b3082
Linux/Linux 4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 - 11709573cc4e48dc34c80fc7ab9ce5b159e29695
Linux/Linux 6.17.3 - 6.17.*
Linux/Linux 6.18
Published Nov 12, 2025
Tracked Since Feb 18, 2026