CVE-2025-40170

Linux Kernel 4.13-6.12.63, 6.13-6.17.2, 6.18 - Use-After-Free in sk_setup_caps

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(), and ip_dst_mtu_maybe_forward(). ip4_dst_hoplimit() can use dst_dev_net_rcu().

Scores

EPSS 0.0019
EPSS Percentile 8.6%

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

Status published
Products (10)
linux/Kernel 4.13.0 - 6.12.64linux
linux/Kernel 6.13.0 - 6.17.3linux
Linux/Linux < 4.13
Linux/Linux 4.13
Linux/Linux 4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 - 5d1be493d1110c9e720b4c51a6e587bb2fb4ac12
Linux/Linux 4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 - 99a2ace61b211b0be861b07fbaa062fca4b58879
Linux/Linux 4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 - a805729c0091073d8f0415cfa96c7acd1bc17a48
Linux/Linux 6.12.64 - 6.12.*
Linux/Linux 6.17.3 - 6.17.*
Linux/Linux 6.18
Published Nov 12, 2025
Tracked Since Feb 18, 2026