Use After Free Vulnerability in Linux Kernel Affecting MultiPath TCP Implementation
CVE-2025-40133

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 12 November 2025

What is CVE-2025-40133?

A use-after-free (UAF) vulnerability has been identified in the Linux kernel's MultiPath TCP (MPTCP) implementation. The issue arises from improper handling of the destination socket in the mptcp_active_enable() function, which can be invoked incorrectly, leading to a use-after-free condition. The function is part of the subflow connection process, where the sk_dst_get() call could reference a socket that has already been freed, resulting in undefined behavior and potential security implications. The kernel has been patched to use the safer functions __sk_dst_get() and dst_dev_rcu() to mitigate this risk.


Affected Version(s)

Linux 27069e7cb3d1cea9377069266acf19b9cc5ad0ae


Linux 27069e7cb3d1cea9377069266acf19b9cc5ad0ae < 893c49a78d9f85e4b8081b908fb7c407d018106a


Timeline

  • Vulnerability published

  • Vulnerability Reserved
