Race Condition in Linux Kernel's Multipath TCP Implementation by The Linux Foundation
CVE-2025-40258
What is CVE-2025-40258?
A race condition was discovered in the Multipath TCP (MPTCP) implementation in the Linux kernel. The vulnerability arises in mptcp_schedule_work(), which schedules a work item that depends on a reference to the socket (its reference count). If mptcp_worker() executes immediately after the work is scheduled, it may release the socket reference before the socket is confirmed to be in use, leading to a use-after-free. Socket references must therefore be handled so that they remain valid throughout the execution of scheduled tasks.
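The ordering problem described above, as an added user-space model (not kernel code and not taken from the kernel patch): it assumes the racy version takes its socket reference only after queuing the work, and contrasts that with taking the reference first. All names (model_sock, schedule_racy, schedule_safe, run) are hypothetical, and the worker is run synchronously to stand in for the worst-case interleaving.

```c
#include <stdbool.h>
#include <stdio.h>
/* User-space model, not kernel code; every name here is hypothetical. */
struct model_sock {
    int refcnt;    /* stands in for the socket reference count */
    bool pending;  /* work item already queued */
    bool freed;    /* last reference was dropped */
    bool uaf;      /* socket was touched after being freed */
};

static void hold(struct model_sock *sk) {
    if (sk->freed) sk->uaf = true;
    sk->refcnt++;
}
static void put(struct model_sock *sk) {
    if (--sk->refcnt == 0) sk->freed = true;
}
/* The worker drops the reference that was meant to be taken for it. */
static void worker(struct model_sock *sk) { sk->pending = false; put(sk); }
/* Queue the work; the worker runs at once to model the worst-case race. */
static bool schedule(struct model_sock *sk) {
    if (sk->pending) return false;
    sk->pending = true;
    worker(sk);
    return true;
}
/* Racy order: the reference is taken only after the work is queued. */
static bool schedule_racy(struct model_sock *sk) {
    if (!schedule(sk)) return false;
    hold(sk);
    return true;
}
/* Safe order: take the reference first, drop it if nothing was queued. */
static bool schedule_safe(struct model_sock *sk) {
    hold(sk);
    if (schedule(sk)) return true;
    put(sk);
    return false;
}
/* Returns true when the chosen ordering touched a freed socket. */
static bool run(bool (*fn)(struct model_sock *)) {
    struct model_sock sk = { .refcnt = 1 };  /* one pre-existing owner */
    fn(&sk);
    return sk.uaf;
}
int main(void) {
    printf("racy: uaf=%d  safe: uaf=%d\n", run(schedule_racy), run(schedule_safe));
    return 0;
}
```

In the racy ordering the worker's release consumes the only existing reference, so the later hold lands on a freed object; in the safe ordering the count never reaches zero while the work is outstanding.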
Affected Version(s)
Linux 3b1d6210a9577369103330b0d802b0bf74b65e7f < 8f9ba1a99a89feef9b5867c15a0141a97e893309
Linux 3b1d6210a9577369103330b0d802b0bf74b65e7f
Linux 3b1d6210a9577369103330b0d802b0bf74b65e7f < 3fc7723ed01d1130d4bf7063c50e0af60ecccbb4