Use-After-Free Vulnerability in Linux Kernel Affecting Networking Components
CVE-2025-40064

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 28 October 2025

What is CVE-2025-40064?

A critical use-after-free vulnerability exists in the Linux kernel's networking functionality, specifically within the __pnet_find_base_ndev() function. This flaw allows an attacker to exploit memory management issues when connecting to a network. The issue arises when a network device (net_device) is accessed after it has been freed, leading to potential unauthorized access to sensitive memory regions. Developers are urged to update their systems to the latest versions to mitigate this risk.

Affected Version(s)

Linux 0afff91c6f5ecef27715ea71e34dc2baacba1060 < 233927b645cb7a14bb98d23ac72e4c7243a9f0d9

Linux 0afff91c6f5ecef27715ea71e34dc2baacba1060 < 3d3466878afd8d43ec0ca2facfbc7f03e40d0f79

Linux 4.19

Timeline

  • Vulnerability published

  • Vulnerability Reserved
