CVE-2025-40170
Linux Kernel 4.13-6.12.63, 6.13-6.17.2, 6.18 - Use-After-Free in sk_setup_caps
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(), and ip_dst_mtu_maybe_forward(). ip4_dst_hoplimit() can use dst_dev_net_rcu().
References (3)
Core 3
Scores
EPSS
0.0019
EPSS Percentile
8.6%
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
Status
published
Products (10)
linux/Kernel
4.13.0 - 6.12.64linux
linux/Kernel
6.13.0 - 6.17.3linux
Linux/Linux
< 4.13
Linux/Linux
4.13
Linux/Linux
4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 - 5d1be493d1110c9e720b4c51a6e587bb2fb4ac12
Linux/Linux
4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 - 99a2ace61b211b0be861b07fbaa062fca4b58879
Linux/Linux
4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 - a805729c0091073d8f0415cfa96c7acd1bc17a48
Linux/Linux
6.12.64 - 6.12.*
Linux/Linux
6.17.3 - 6.17.*
Linux/Linux
6.18
Published
Nov 12, 2025
Tracked Since
Feb 18, 2026