- CVE-2025-40018
- EPSS 0.05%
- Published 24.10.2025 11:44:28
- Last modified 29.10.2025 14:15:52
- Source 416baaa9-dc9f-4396-8d5f-8c081f

In the Linux kernel, the following vulnerability has been resolved:

ipvs: Defer ip_vs_ftp unregister during netns cleanup

On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free.

Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.

Linked by AI from unstructured data to existing NVD CPEs.

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

Vendor: Linux
Product: Linux
Default status: unaffected

| Version | Version < | Status |
|---|---|---|
| 61b1ab4583e275af216c8454b9256de680499b19 | 8a6ecab3847c213ce2855b0378e63ce839085de3 | affected |
| 61b1ab4583e275af216c8454b9256de680499b19 | 421b1ae1574dfdda68b835c15ac4921ec0030182 | affected |
| 61b1ab4583e275af216c8454b9256de680499b19 | 1d79471414d7b9424d699afff2aa79fff322f52d | affected |
| 61b1ab4583e275af216c8454b9256de680499b19 | 53717f8a4347b78eac6488072ad8e5adbaff38d9 | affected |
| 61b1ab4583e275af216c8454b9256de680499b19 | 8cbe2a21d85727b66d7c591fd5d83df0d8c4f757 | affected |
| 61b1ab4583e275af216c8454b9256de680499b19 | dc1a481359a72ee7e548f1f5da671282a7c13b8f | affected |
| 61b1ab4583e275af216c8454b9256de680499b19 | a343811ef138a265407167294275201621e9ebb2 | affected |
| 61b1ab4583e275af216c8454b9256de680499b19 | 134121bfd99a06d44ef5ba15a9beb075297c0821 | affected |

Vendor: Linux
Product: Linux
Default status: affected

| Version | Bound | Status |
|---|---|---|
| 2.6.39 | | affected |
| 0 | < 2.6.39 | unaffected |
| 5.4.301 | <= 5.4.* | unaffected |
| 5.10.246 | <= 5.10.* | unaffected |
| 5.15.195 | <= 5.15.* | unaffected |
| 6.1.156 | <= 6.1.* | unaffected |
| 6.6.112 | <= 6.6.* | unaffected |
| 6.12.53 | <= 6.12.* | unaffected |
| 6.17.3 | <= 6.17.* | unaffected |
| 6.18 | <= * | unaffected |

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.159 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|