Use-After-Free Vulnerability in Linux Kernel's Networking Interface
CVE-2025-40271

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 6 December 2025

What is CVE-2025-40271?

A use-after-free vulnerability in the Linux kernel's networking interface may allow an attacker to access freed memory. The issue arises in the proc_readdir_de() function when directory entries are modified concurrently while they are being traversed. Under high-stress conditions, unregistering network devices leads to a race condition in which previously valid references may still be used after the memory they point to has been freed. This can expose sensitive data or lead to system crashes. Mitigating the risk requires proper handling of erased nodes in the Red-Black tree structure, so that pointers followed during traversal do not lead back to freed memory.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1d1596d68a6f11d28f677eedf6cf5b17dbfeb491

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4cba73c4c89219beef7685a47374bf88b1022369

Timeline

  • Vulnerability published

  • Vulnerability Reserved
