Linux Kernel Vulnerability in TCP Metrics Handling by The Linux Foundation
CVE-2025-40075

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 28 October 2025

What is CVE-2025-40075?

A vulnerability has been identified in the Linux kernel's handling of TCP metrics. The issue arises from the use of the dst_dev() function in this code; the fix switches to a lockdep-enabled helper, dst_dev_net_rcu(). The change strengthens the kernel's resource management by improving how destination devices are handled, and it addresses potential concurrency risks in the networking code. Applying the fix is essential for ensuring robust network security and maintaining the integrity of system processes.

Affected Version(s)

Linux 4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 < 07613a95326ebad2d1b88d883cd72546025a4f3e

Linux 4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 < 50c127a69cd6285300931853b352a1918cfa180f

Linux 4.13

Timeline

  • Vulnerability published

  • Vulnerability Reserved
