CVE-2025-40133

Published: Nov 12, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). mptcp_active_enable() is called from subflow_finish_connect(), which is icsk->icsk_af_ops->sk_rx_dst_set() and it's not always under RCU. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dst_dev_rcu().

Vendor	Product	Versions
Linux	Linux	affected `27069e7cb3d1cea9377069266acf19b9cc5ad0ae - < ad16235c9d3ef7ec17c109ff39b7504f49d17072` affected `27069e7cb3d1cea9377069266acf19b9cc5ad0ae - < cc976ec9e38bb79409de3261ba1dbb6868e2a53e` affected `27069e7cb3d1cea9377069266acf19b9cc5ad0ae - < 893c49a78d9f85e4b8081b908fb7c407d018106a`
Linux	Linux	affected `6.12` unaffected `0 - < 6.12` unaffected `6.12.55 - <= 6.12.` unaffected `6.17.3 - <= 6.17.` unaffected `6.18 - <= *`

References

https://git.kernel.org/stable/c/ad16235c9d3ef7ec17c109ff39b7504f49d17072

https://git.kernel.org/stable/c/cc976ec9e38bb79409de3261ba1dbb6868e2a53e

https://git.kernel.org/stable/c/893c49a78d9f85e4b8081b908fb7c407d018106a

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-40133

Description

Affected Products

References