Description

In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). smc_clc_prfx_match() is called from smc_listen_work() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dst_dev_rcu(). Note that the returned value of smc_clc_prfx_match() is not used in the caller.

INFO

Published Date :

2025-11-12T10:46:51.422Z

Last Modified :

2025-12-01T06:19:22.173Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-40168 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-40168.

URL Resource
https://git.kernel.org/stable/c/235f81045c008169cc4e1955b4a64e118eebe61b cve-icon cve-icon
https://git.kernel.org/stable/c/d26e80f7fb62d77757b67a1b94e4ac756bc9c658 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025111256-CVE-2025-40168-bdd5@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-40168 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-40168 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact