Use-After-Free Vulnerability in Linux Kernel Affecting Networking Components
CVE-2025-40297
What is CVE-2025-40297?
A use-after-free vulnerability has been identified in the Linux kernel's networking components related to the bridge subsystem. This issue occurs during a race condition where the system attempts to delete an expired Forwarding Database (fdb) entry while learning processes are still active. If Multiple Spanning Tree (MST) protocol is enabled and VLAN filtering is disabled, it may allow fdb learning to occur after a port has been marked for deletion. The vulnerability has been addressed by implementing a check for the port's VLAN group during the deletion process. This check ensures that the state bypass does not happen, preserving the integrity of network operations and preventing unauthorized learning.
Affected Version(s)
Linux ec7328b59176227216c461601c6bd0e922232a9b
Linux ec7328b59176227216c461601c6bd0e922232a9b < 3b60ce334c1ce8b3fad7e02dcd5ed9f6646477c8
Linux ec7328b59176227216c461601c6bd0e922232a9b