Use-After-Free Vulnerability in TIPC Component of Linux Kernel
CVE-2025-40280

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 December 2025

What is CVE-2025-40280?

A use-after-free vulnerability was identified within the TIPC (Transparent Inter-Process Communication) component of the Linux Kernel. This vulnerability occurs due to incorrect handling of the monitor array in the tipc_mon_reinit_self() function, which iterates over the array without proper protection mechanisms. Specifically, while the array is typically safeguarded by RTNL (Read/Write lock for network stack), inadequate synchronization during certain operations could lead to memory access violations. An attacker could exploit this flaw, potentially leading to memory corruption and unauthorized access, thus affecting system stability and security.

Affected Version(s)

Linux 28845c28f842e9e55e75b2c116bff714bb039055 < 5f541300b02ef8b2af34f6f7d41ce617f3571e88

Linux 46cb01eeeb86fca6afe24dda1167b0cb95424e29

Linux 46cb01eeeb86fca6afe24dda1167b0cb95424e29 < 51b8f0ab888f8aa5dfac954918864eeda8c12c19

References

https://git.kernel.org/stable/c/5f541300b02ef8b2af34f6f7d...

https://git.kernel.org/stable/c/b2e77c789c234e7fe49057d2c...

https://git.kernel.org/stable/c/51b8f0ab888f8aa5dfac95491...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2025
Vulnerability Reserved
Apr 16, 2025

JSON