Use-After-Free Vulnerability in Linux Kernel's Networking Interface
CVE-2025-40271

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 6 December 2025

What is CVE-2025-40271?

A use-after-free vulnerability in the Linux kernel's networking interface may allow an attacker to access freed memory. The issue arises in the proc_readdir_de() function when directory entries are modified concurrently while they are being traversed. Under heavy stress, unregistering network devices leads to a race condition in which a previously valid reference may still be used after the memory behind it has been freed. This can expose sensitive data or lead to system crashes. Mitigating the risk requires proper handling of nodes erased from the red-black tree, so that pointers followed from an erased node do not lead back into freed memory.
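The race described above, as an added example that is not kernel code and not part of the original advisory: a user-space model in which a sorted linked list stands in for the red-black tree and a freed flag stands in for the real free, so it is safe to run. All names (entry, dir_erase, entry_next, reader_hits_freed_entry) and the eth0 to eth2 entries are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model: a linked list replaces the kernel's red-black tree. */
struct entry {
    const char *name;
    struct entry *next;  /* link to the successor (the "tree node" linkage) */
    bool linked;         /* false once the erase path has cleared the node */
    bool freed;          /* set instead of calling free(): safe to inspect */
};
struct dir { struct entry *first; };

/* Unlink e from d. With clear_node the entry's own linkage is wiped too. */
static void dir_erase(struct dir *d, struct entry *e, bool clear_node)
{
    struct entry **pp = &d->first;
    while (*pp && *pp != e)
        pp = &(*pp)->next;
    if (*pp)
        *pp = e->next;
    if (clear_node) { e->next = NULL; e->linked = false; }
}

/* Advance a traversal: an erased (cleared) entry has no successor. */
static struct entry *entry_next(struct entry *e)
{
    return e->linked ? e->next : NULL;
}

/* Returns true if the reader would step onto a freed entry. */
static bool reader_hits_freed_entry(bool clear_node)
{
    struct entry c = { "eth2", NULL, true, false };
    struct entry b = { "eth1", &c, true, false };
    struct entry a = { "eth0", &b, true, false };
    struct dir d = { &a };
    struct entry *cur = d.first;   /* reader pins a, then drops the lock */
    dir_erase(&d, &a, clear_node); /* writer: a stays allocated (pinned) */
    dir_erase(&d, &b, clear_node); /* writer: b has no other reference... */
    b.freed = true;                /* ...so it is freed */
    struct entry *nxt = entry_next(cur); /* reader resumes from a */
    return nxt != NULL && nxt->freed;
}

int main(void)
{
    printf("stale links kept: %d\n", reader_hits_freed_entry(false));
    printf("links cleared:    %d\n", reader_hits_freed_entry(true));
    return 0;
}
```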

Affected Version(s)

Linux 710585d4922fd315f2cada8fbe550ae8ed23e994 < 1d1596d68a6f11d28f677eedf6cf5b17dbfeb491

Linux 710585d4922fd315f2cada8fbe550ae8ed23e994

Linux 710585d4922fd315f2cada8fbe550ae8ed23e994 < 4cba73c4c89219beef7685a47374bf88b1022369
