BPF Metadata Leak in Linux Kernel Affecting Cilium's Egress Gateway Feature
CVE-2025-40183
What is CVE-2025-40183?
A vulnerability in the Linux kernel's BPF subsystem affects Cilium's egress gateway functionality. The flaw occurs when packets are forwarded through the bpf_redirect_neigh() helper. The issue arises because vxlan allocates the metadata_dst object and existing dst entries are not released. As a result, kmalloc-256 slab usage grows over time, which can degrade performance through increased memory consumption during packet processing. Properly releasing dst entries is critical to maintaining system stability and performance.
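A defender's check for the symptom described above, added here as an example and not taken from the advisory or the kernel fix: it parses successive /proc/slabinfo snapshots and flags a kmalloc-256 cache whose in-use bytes never shrink and grow past a threshold. The function names, the 1 MiB threshold and the sample snapshots are assumptions constructed for illustration.

```python
# Added example: detect sustained kmalloc-256 growth across /proc/slabinfo snapshots.
# Function names, the 1 MiB threshold and the sample data are assumptions.

HEADER = ("slabinfo - version: 2.1\n"
          "# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab>\n")

def sample(active):
    """Build a constructed slabinfo snapshot with the given kmalloc-256 object count."""
    return (HEADER
            + f"kmalloc-256 {active} {active + 64} 256 32 2 : tunables 0 0 0 : slabdata 1 1 0\n"
            + "kmalloc-512 800 800 512 16 2 : tunables 0 0 0 : slabdata 50 50 0\n")

def parse_slabinfo(text):
    """Return {cache_name: (active_objs, num_objs, objsize)} from slabinfo 2.x text."""
    caches = {}
    for line in text.splitlines():
        if not line or line.startswith(("slabinfo", "#")):
            continue  # skip the version line and the column header
        fields = line.split()
        if len(fields) < 4 or not all(f.isdigit() for f in fields[1:4]):
            continue  # malformed row: ignore rather than guess
        caches[fields[0]] = tuple(int(f) for f in fields[1:4])
    return caches

def leak_suspected(snapshots, cache="kmalloc-256", min_growth_bytes=1 << 20):
    """True when the cache's in-use bytes never shrink between snapshots
    and grow by at least min_growth_bytes from first to last."""
    used = []
    for text in snapshots:
        entry = parse_slabinfo(text).get(cache)
        if entry is None:
            return False  # cache not listed in this snapshot: no verdict
        active_objs, _num_objs, objsize = entry
        used.append(active_objs * objsize)
    if len(used) < 3:
        return False  # too few points to call it a trend
    monotonic = all(b >= a for a, b in zip(used, used[1:]))
    return monotonic and used[-1] - used[0] >= min_growth_bytes

LEAKING = [sample(n) for n in (5000, 9000, 14000, 22000)]  # constructed: steady climb
STEADY = [sample(n) for n in (5000, 5200, 4900, 5100)]     # constructed: normal churn

if __name__ == "__main__":
    print("leaking host flagged:", leak_suspected(LEAKING))
    print("steady host flagged:", leak_suspected(STEADY))
```

On a live host, pass successive reads of /proc/slabinfo (readable by root) taken minutes apart while the forwarding path is under load.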
Affected Version(s)
Linux b4ab31414970a7a03a5d55d75083f2c101a30592 < 3fba965a9aac0fa3cbd8138436a37af9ab466d79
Linux b4ab31414970a7a03a5d55d75083f2c101a30592 < 057764172fcc6ee2ccb6c41351a55a9f054dc8fd
Linux b4ab31414970a7a03a5d55d75083f2c101a30592 < 2e67c2037382abb56497bb9d7b7e10be04eb5598