Linux Kernel Networking Vulnerability Affecting Device Management
CVE-2025-40170

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 12 November 2025

What is CVE-2025-40170?

This vulnerability in the Linux kernel relates to improper handling of device references within networking functions. Specifically, it concerns how the kernel accesses the device when setting up capabilities and calculating maximum sizes for Generic Segmentation Offload (GSO). The fix makes these accesses use Read-Copy-Update (RCU) so that they are safe under concurrent processing, improving the stability and security of network communication. Several functions, including ip6_dst_mtu_maybe_forward() and ip_dst_mtu_maybe_forward(), have been updated to ensure compatibility and performance resilience.

Affected Version(s)

Linux 4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36

Linux 4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 < 99a2ace61b211b0be861b07fbaa062fca4b58879

Linux 4.13

Timeline

  • Vulnerability published

  • Vulnerability Reserved