Race Condition in MultiPath TCP Implementation of Linux Kernel
CVE-2025-40257

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 4 December 2025

What is CVE-2025-40257?

A vulnerability in the Linux kernel's MultiPath TCP (MPTCP) component could lead to a race condition during timer management. The function that handles timer deletion, 'mptcp_pm_del_add_timer', may interact incorrectly with other processes, potentially leading to a use-after-free. This could result in unpredictable behavior or crashes. The fix adds RCU protection and renames variables to make the code easier to read. Users are encouraged to update their systems to pick up the fix.

Affected Version(s)

Linux 00cfd77b9063dcdf3628a7087faba60de85a9cc8 < 9be29f8e7ce4e147e56caac2c3a0ce3573cf9c17

Linux 00cfd77b9063dcdf3628a7087faba60de85a9cc8

Linux 00cfd77b9063dcdf3628a7087faba60de85a9cc8 < 385ddc0f008f24d1e7d03be998b3a98a37bd29ff

Timeline

  • Vulnerability published

  • Vulnerability Reserved
