CVE-2025-40158

Nov. 12, 2025, 4:19 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2().

Product(s) Impacted

Product Versions
kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/0393f85c3241c19ba8550f04a812e7d19f6b3082
https://git.kernel.org/stable/c/11709573cc4e48dc34c80fc7ab9ce5b159e29695

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-11-12
CVE-2025-40158

Timeline

Published: Nov. 12, 2025, 11:15 a.m.
Last Modified: Nov. 12, 2025, 4:19 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.