Heap Use After Free Vulnerability in Linux Kernel Affecting the Networking Stack
CVE-2025-40168

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-40168?

A vulnerability exists in the Linux kernel's networking stack, specifically within the smc_clc_prfx_match() function. This issue arises from the function being called from smc_listen_work() without appropriate handling under RCU or RTNL. As a result, utilizing the sk_dst_get(sk)->dev could lead to a Use After Free (UAF) scenario. Although the value returned by smc_clc_prfx_match() is not utilized by its caller, the underlying flaw poses a risk to system integrity and can potentially be exploited. Developers and system administrators are advised to update to the latest version of the Linux kernel to mitigate this vulnerability.

Affected Version(s)

Linux a046d57da19f812216f393e7c535f5858f793ac3

Linux a046d57da19f812216f393e7c535f5858f793ac3 < 235f81045c008169cc4e1955b4a64e118eebe61b

Linux 4.11

References

https://git.kernel.org/stable/c/d26e80f7fb62d77757b67a1b9...

https://git.kernel.org/stable/c/235f81045c008169cc4e1955b...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Apr 16, 2025

JSON