Use-After-Free Vulnerability in Ocelot Switch by Vendor MSCC
CVE-2025-40003
Currently unrated
What is CVE-2025-40003?
A use-after-free vulnerability exists in the Ocelot switch's delayed work item handling. When the work item is executed during resource deallocation, it can lead to a warning and potential instability in the network system. The issue arises because the delayed work is not properly cancelled under certain conditions, which allows the work item to be queued again after the resource has been deallocated. Proper synchronization is needed to ensure that delayed work items cannot be rescheduled after the resource is destroyed.
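The ordering problem described above can be stepped through deterministically in a user-space model. This is an added example, not code from the Ocelot driver or its fix: the struct and function names are hypothetical, and it assumes the improper cancellation is a cancel that does not wait for a handler that is already running and re-arms itself.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model (constructed): one self-rearming delayed work item. */
struct model {
    bool timer_armed;   /* delay timer pending, work not yet on the queue */
    bool running;       /* handler currently executing */
    bool disabled;      /* set by synchronous teardown; blocks re-arming */
    bool wq_destroyed;  /* owning workqueue has been freed */
    int  late_queues;   /* timer expiries that hit the destroyed workqueue */
};
/* Tail of the cyclic handler: re-arms its own timer unless disabled. */
static void handler_finish(struct model *m) {
    if (!m->disabled) m->timer_armed = true;
    m->running = false;
}
/* Timer expiry queues the work; count it if the workqueue is already gone. */
static void timer_fire(struct model *m) {
    if (m->timer_armed && m->wq_destroyed) m->late_queues++;
    m->timer_armed = false;
}
/* Non-synchronous cancel: clears a pending timer, ignores a running handler. */
static void cancel_nosync(struct model *m) { m->timer_armed = false; }
/* Synchronous disable: forbid re-arming, clear the timer, wait for handler. */
static void disable_sync(struct model *m) {
    m->disabled = true;
    m->timer_armed = false;
    if (m->running) handler_finish(m);  /* models blocking until it returns */
}
/* Teardown racing a running handler; returns queue attempts after destroy. */
int teardown(bool use_sync) {
    struct model m = { .running = true };   /* handler is mid-execution */
    if (use_sync) disable_sync(&m); else cancel_nosync(&m);
    if (m.running) handler_finish(&m);      /* handler ends and re-arms */
    m.wq_destroyed = true;   /* destroy sees an empty queue, not the timer */
    timer_fire(&m);                         /* delay elapses after teardown */
    return m.late_queues;
}

int main(void) {
    printf("cancel only:    %d late queue attempt(s)\n", teardown(false));
    printf("disable + sync: %d late queue attempt(s)\n", teardown(true));
    return 0;
}
```

A non-zero result marks the point where a real driver would touch freed workqueue memory; the synchronous path returns zero because the handler can no longer re-arm once teardown has started.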
Affected Version(s)
Linux a556c76adc052c979ef9e80f0cd3fa1379ff4943
Linux 4.18