Race Condition in Linux Kernel's Multipath TCP Implementation by The Linux Foundation
CVE-2025-40258

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
4 December 2025

What is CVE-2025-40258?

A race condition was discovered in the Multipath TCP (MPTCP) implementation within the Linux kernel. The vulnerability arises in mptcp_schedule_work(), which schedules a work item that is tied to the socket's reference count. If mptcp_worker() executes immediately after the work is scheduled, it may release the reference before the socket is confirmed to be in use, leading to a use-after-free. Socket references must therefore be handled so that they remain valid throughout the execution of scheduled work.
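The ordering problem described above, as an added userspace model in C; this is not kernel code and not taken from the fix. All toy_* names are hypothetical, and the model assumes the racy path queued the work first and took the work item's reference afterwards.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed userspace model, not kernel code. "freed" is a flag so the
 * stale access can be counted safely instead of touching released memory. */
struct toy_sock { int refcnt; bool freed; bool pending; int stale_access; };
static void toy_hold(struct toy_sock *sk) {
    if (sk->freed) sk->stale_access++;  /* would be a use-after-free */
    sk->refcnt++;
}
static void toy_put(struct toy_sock *sk) {
    if (--sk->refcnt == 0) sk->freed = true;
}
/* The worker releases the reference that belongs to the scheduled work. */
static void toy_worker(struct toy_sock *sk) { sk->pending = false; toy_put(sk); }
/* Worst case from the description: the worker runs to completion before
 * the scheduling call returns. Returns false if work was already queued. */
static bool toy_schedule_work(struct toy_sock *sk) {
    if (sk->pending) return false;
    sk->pending = true;
    toy_worker(sk);
    return true;
}
/* Assumed racy ordering: queue first, take the work's reference afterwards. */
static bool schedule_then_hold(struct toy_sock *sk) {
    if (!toy_schedule_work(sk)) return false;
    toy_hold(sk);
    return true;
}
/* Safe ordering: take the reference first, give it back if nothing was queued. */
static bool hold_then_schedule(struct toy_sock *sk) {
    toy_hold(sk);
    if (toy_schedule_work(sk)) return true;
    toy_put(sk);
    return false;
}
/* Runs one ordering on a socket whose caller owns a single reference. */
static struct toy_sock run_case(bool (*fn)(struct toy_sock *)) {
    struct toy_sock sk = { .refcnt = 1 };
    fn(&sk);
    return sk;
}
int main(void) {
    struct toy_sock bad = run_case(schedule_then_hold);
    struct toy_sock good = run_case(hold_then_schedule);
    printf("schedule-then-hold: freed=%d stale=%d\n", bad.freed, bad.stale_access);
    printf("hold-then-schedule: freed=%d stale=%d\n", good.freed, good.stale_access);
    return 0;
}
```

In the first ordering the worker's put consumes a reference that was never taken, so the caller's own reference is the one that gets dropped; in the second the count stays balanced whether or not the work was queued.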

Affected Version(s)

Linux 3b1d6210a9577369103330b0d802b0bf74b65e7f

Linux 3b1d6210a9577369103330b0d802b0bf74b65e7f < 99908e2d601236842d705d5fd04fb349577316f5

Linux 3b1d6210a9577369103330b0d802b0bf74b65e7f

Timeline

  • Vulnerability published

  • Vulnerability Reserved