Use-After-Free Vulnerability in Linux Kernel Affects Networking Components
CVE-2025-40074

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 28 October 2025

What is CVE-2025-40074?

A use-after-free vulnerability exists in the Linux kernel, affecting multiple networking functions. The fix modifies 'icmpv4_xrlim_allow()' and 'ip_defrag()' to mitigate the risk of potential memory access issues. It also changes 'ipmr_prepare_xmit()', 'ipmr_queue_fwd_xmit()', and 'ipv4_neigh_lookup()' to use the newly implemented 'dst_dev_rcu()', ensuring proper memory management and safer handling of network packets.

Affected Version(s)

Linux 4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 < 923e0734c386984d45de508528a7a7ad91d791cc

Linux 4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 < 6ad8de3cefdb6ffa6708b21c567df0dbf82c43a8

Linux 4.13

Timeline

  • Vulnerability published

  • Vulnerability Reserved
