CVE-2025-68188
Linux Kernel 4.12-6.12.57, 6.13-6.17.7 - Use-After-Free in tcp_fastopen_active_disable_ofo_check
In the Linux kernel, the following vulnerability has been resolved:

tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()

Use RCU to avoid a pair of atomic operations and a potential UAF on dst_dev()->flags.
Scores
EPSS: 0.0002
EPSS Percentile: 7.1%
Details
Status: published
Products (10)
linux/Kernel: 4.12.0 - 6.12.58 (linux)
linux/Kernel: 6.13.0 - 6.17.8 (linux)
Linux/Linux: < 4.12
Linux/Linux: 4.12
Linux/Linux: 6.12.58 - 6.12.*
Linux/Linux: 6.17.8 - 6.17.*
Linux/Linux: 6.18
Linux/Linux: cf1ef3f0719b4dcb74810ed507e2a2540f9811b4 - 06da08d9355bf8e2070459bbedbe372ccc02cc0e
Linux/Linux: cf1ef3f0719b4dcb74810ed507e2a2540f9811b4 - b62a59c18b692f892dcb8109c1c2e653b2abc95c
Linux/Linux: cf1ef3f0719b4dcb74810ed507e2a2540f9811b4 - bc2b881a0896c111c1041d8bb1f92a3b3873ace5
Published: Dec 16, 2025
Tracked Since: Feb 18, 2026