Memory Handling Flaw in Linux Kernel Affecting Asynchronous Decryption Process
CVE-2025-40176

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-40176?

A flaw has been identified in the Linux kernel's handling of asynchronous decryption processes. The issue arises during the operation of the tls_strp_msg_hold function, which is responsible for cloning input socket buffers (skbs) to manage memory references during decryption. If the system fails to allocate the required buffer clone, it can lead to serious issues, including use-after-free situations and potential unauthorized access to user space memory following the recv() syscall. This vulnerability emphasizes the importance of managing pending decryption requests effectively, ensuring all dependences are resolved before proceeding.

Affected Version(s)

Linux 84c61fe1a75b4255df1e1e7c054c9e6d048da417 < 9f83fd0c179e0f458e824e417f9d5ad53443f685

Linux 84c61fe1a75b4255df1e1e7c054c9e6d048da417

Linux 84c61fe1a75b4255df1e1e7c054c9e6d048da417 < 39dec4ea3daf77f684308576baf483b55ca7f160

References

https://git.kernel.org/stable/c/9f83fd0c179e0f458e824e417...

https://git.kernel.org/stable/c/c61d4368197d65c4809d9271f...

https://git.kernel.org/stable/c/39dec4ea3daf77f684308576b...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Apr 16, 2025

JSON