Linux Kernel xfrm Tunnel Management Vulnerability Affecting Networking Functionality
CVE-2025-40256
What is CVE-2025-40256?
A resource management issue in the Linux kernel concerning xfrm state operations has been identified. The vulnerability arises when state creation fails between initialization and insertion into the lists, leading to leaks in fallback tunnels for IPsec protocols. Specifically, the failure to call necessary cleanup routines when certain user states are not added creates security risks by leaving tunnel resources allocated and unguarded. This flaw affects various code paths pertaining to state management, including add/update actions within net/key and xfrm modules, as well as in migration processes. Properly addressing this issue involves ensuring that xfrm_state_delete_tunnel is invoked during the garbage collection of states, thus preventing rogue or orphaned tunnels from persisting and enhancing overall network resilience.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Linux 1b28a7fae0128fa140a7dccd995182ff6cd1c67b < 57b72d74d4651dc19d046308a8304eb9abfe66ac
Linux 4b2c17d0f9be8b58bb30468bc81a4b61c985b04e < 1dad653643f28ccc89be93f9440b8804cded85b2
Linux 0da961fa46da1b37ef868d9b603bd202136f8f8e < 64441724387b4ac92f67ef51caaaeffe99c950d1