-
CVE-2025-40139
- EPSS 0.03%
- Veröffentlicht 12.11.2025 10:23:24
- Zuletzt bearbeitet 12.11.2025 16:19:12
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set(). smc_clc_prfx_set() is called during connect() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dev_dst_rcu() under rcu_read_lock() after kernel_getsockname(). Note that the returned value of smc_clc_prfx_set() is not used in the caller. While at it, we change the 1st arg of smc_clc_prfx_set[46]_rcu() not to touch dst there.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
0736993bfe5c7a9c744ae3fac62d769dfdae54e1
Version
a046d57da19f812216f393e7c535f5858f793ac3
Status
affected
Version <
935d783e5de9b64587f3adb25641dd8385e64ddb
Version
a046d57da19f812216f393e7c535f5858f793ac3
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
4.11
Status
affected
Version <
4.11
Version
0
Status
unaffected
Version <=
6.17.*
Version
6.17.3
Status
unaffected
Version <=
*
Version
6.18
Status
unaffected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.066 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|