UAF Vulnerability in Linux Kernel's Network Layer Impacting Connectivity Functions
CVE-2025-40149
Currently unrated
What is CVE-2025-40149?
A vulnerability has been identified in the Linux kernel's handling of sockets. Dereferencing sk_dst_get(sk)->dev during a setsockopt() call can lead to a Use-After-Free (UAF). The flaw occurs because this access is not made under Read-Copy-Update (RCU) protection, so the network device behind the pointer can be released while it is still in use, which may jeopardize the integrity of network connectivity management. The vulnerability was addressed by switching to the safer helpers __sk_dst_get() and dst_dev_rcu(), which ensure proper handling of network device references within connection operations.
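The lifetime problem described above, shown as a small userspace model in C. This is an added illustration, not kernel code and not the upstream patch: every `toy_*` name is hypothetical, a flag stands in for the real free, and the racing teardown is modelled as an inline call so the outcome is deterministic.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed single-threaded model; every toy_* name is hypothetical, not a kernel API. */
struct toy_dev { bool freed; };            /* 'freed' stands in for the real free */
struct toy_dst { struct toy_dev *dev; };
static int readers;                        /* models rcu_read_lock() nesting depth */
static struct toy_dev *pending;            /* device whose free waits for readers */

static void toy_rcu_read_lock(void) { readers++; }
static void toy_rcu_read_unlock(void)
{
    if (--readers == 0 && pending) {       /* last reader left: run the deferred free */
        pending->freed = true;
        pending = NULL;
    }
}

/* Writer side: unpublish the device, free it once no reader can still hold it. */
static void toy_teardown(struct toy_dst *dst)
{
    struct toy_dev *old = dst->dev;
    dst->dev = NULL;
    if (old && readers == 0)
        old->freed = true;                 /* no reader is protected: freed at once */
    else if (old)
        pending = old;                     /* deferred to toy_rcu_read_unlock() */
}

/* Reader takes dst->dev, a teardown races in, then the reader uses it. true = UAF. */
static bool reader_hits_freed_dev(struct toy_dst *dst, bool use_rcu)
{
    if (use_rcu)
        toy_rcu_read_lock();
    struct toy_dev *dev = dst->dev;        /* pointer obtained */
    toy_teardown(dst);                     /* racing teardown, modelled inline */
    bool uaf = dev && dev->freed;          /* the reader's later use of 'dev' */
    if (use_rcu)
        toy_rcu_read_unlock();
    return uaf;
}

int main(void)
{
    struct toy_dev a = { false }, b = { false };
    struct toy_dst da = { &a }, db = { &b };
    bool plain = reader_hits_freed_dev(&da, false), rcu = reader_hits_freed_dev(&db, true);
    printf("unprotected uaf=%d, rcu uaf=%d, freed after unlock=%d\n", plain, rcu, b.freed);
    return 0;
}
```

In the model, the read-side section does not stop the teardown; it only delays the free until the reader has finished with the pointer.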
Affected Version(s)
Linux e8f69799810c32dd40c6724d829eccc70baad07f
Linux 4.18