Linux Kernel Vulnerability in TCP Socket Handling by Google
CVE-2025-40186

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-40186?

A vulnerability exists in the Linux kernel's TCP socket handling which can lead to a refcount underflow and potential memory corruption. This issue arises when a listener socket is closed while a TCP Fast Open (TFO) socket is being processed. The flaw occurs because certain functions do not correctly handle reference counting, which may result in a use-after-free condition. This could allow for unexpected behavior such as crashes or exploitation opportunities. It is critical for systems running affected kernel versions to apply the latest patches to mitigate this risk.

Affected Version(s)

Linux 7ec092a91ff351dcde89c23e795b73a328274db6

Linux a4378dedd6e07e62f2fccb17d78c9665718763d0

Linux 33a4fdf0b4a25f8ce65380c3b0136b407ca57609

References

https://git.kernel.org/stable/c/e359b742eac1eac75cff4e38e...

https://git.kernel.org/stable/c/ff6a8883f96a5bc74241ce5b3...

https://git.kernel.org/stable/c/eb85ad5f23268d64b037bfb54...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Apr 16, 2025

JSON