CVE-2025-40168
Linux Kernel 4.11-6.17.3 - Use-After-Free in SMC Connection Prefix Matching
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). smc_clc_prfx_match() is called from smc_listen_work() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dst_dev_rcu(). Note that the returned value of smc_clc_prfx_match() is not used in the caller.
References (2)
Core 2
Scores
EPSS
0.0017
EPSS Percentile
6.6%
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
Status
published
Products (7)
linux/Kernel
4.11.0 - 6.17.3linux
Linux/Linux
< 4.11
Linux/Linux
4.11
Linux/Linux
6.17.3 - 6.17.*
Linux/Linux
6.18
Linux/Linux
a046d57da19f812216f393e7c535f5858f793ac3 - 235f81045c008169cc4e1955b4a64e118eebe61b
Linux/Linux
a046d57da19f812216f393e7c535f5858f793ac3 - d26e80f7fb62d77757b67a1b94e4ac756bc9c658
Published
Nov 12, 2025
Tracked Since
Feb 18, 2026