CVE-2025-40168

Linux Kernel 4.11-6.17.3 - Use-After-Free in SMC Connection Prefix Matching

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). smc_clc_prfx_match() is called from smc_listen_work() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dst_dev_rcu(). Note that the returned value of smc_clc_prfx_match() is not used in the caller.

Scores

EPSS 0.0017
EPSS Percentile 6.6%

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (7)
linux/Kernel 4.11.0 - 6.17.3linux
Linux/Linux < 4.11
Linux/Linux 4.11
Linux/Linux 6.17.3 - 6.17.*
Linux/Linux 6.18
Linux/Linux a046d57da19f812216f393e7c535f5858f793ac3 - 235f81045c008169cc4e1955b4a64e118eebe61b
Linux/Linux a046d57da19f812216f393e7c535f5858f793ac3 - d26e80f7fb62d77757b67a1b94e4ac756bc9c658
Published Nov 12, 2025
Tracked Since Feb 18, 2026