Memory Management Flaw in Linux Kernel Affecting Networking Functionality
CVE-2025-40158

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 12 November 2025

What is CVE-2025-40158?

A vulnerability has been identified in the Linux kernel's IPv6 output processing. Specifically, the implementation of the ip6_output() function had a potential use-after-free (UAF) issue. The updated code uses Read-Copy-Update (RCU) mechanisms in this path to mitigate the risk, so that resource management during network transmission is handled more safely. The change also removes the need for rcu_read_lock() and rcu_read_unlock() in specific output functions, streamlining the process and increasing the robustness of network operations.

Affected Version(s)

Linux 4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 < 0393f85c3241c19ba8550f04a812e7d19f6b3082

Linux 4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 < 11709573cc4e48dc34c80fc7ab9ce5b159e29695

Linux 4.13

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved
