CVE-2025-40139

NONE EPSS 5.8%
Published Nov 12, 20257mo ago · Modified Jun 17, 20261w ago
Find Similar
Published Nov 12, 2025 7mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set(). smc_clc_prfx_set() is called during connect() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dev_dst_rcu() under rcu_read_lock() after kernel_getsockname(). Note that the returned value of smc_clc_prfx_set() is not used in the caller. While at it, we change the 1st arg of smc_clc_prfx_set[46]_rcu() not to touch dst there.

Threat Intelligence

EPSS Exploit Probability
5.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 2

  • git.kernel.org https://git.kernel.org/stable/c/0736993bfe5c7a9c744ae3fac62d769dfdae54e1
  • git.kernel.org https://git.kernel.org/stable/c/935d783e5de9b64587f3adb25641dd8385e64ddb

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.