7.8

CVE-2025-40149

tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().

In the Linux kernel, the following vulnerability has been resolved:

tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().

get_netdev_for_sock() is called during setsockopt(),
so not under RCU.

Using sk_dst_get(sk)->dev could trigger UAF.

Let's use __sk_dst_get() and dst_dev_rcu().

Note that the only ->ndo_sk_get_lower_dev() user is
bond_sk_get_lower_dev(), which uses RCU.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.18 < 5.15.199
LinuxLinux Kernel Version >= 5.16 < 6.1.161
LinuxLinux Kernel Version >= 6.2 < 6.6.121
LinuxLinux Kernel Version >= 6.7 < 6.12.66
LinuxLinux Kernel Version >= 6.13 < 6.17.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.053
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/feb474ddbf26b51f462ae2e60a12013bdcfc5407
Patch
https://git.kernel.org/stable/c/c65f27b9c3be2269918e1cbad6d8884741f835c5
Patch
https://git.kernel.org/stable/c/13159c7125636371543a82cb7bbae00ab36730cc
Patch
https://git.kernel.org/stable/c/e37ca0092ddace60833790b4ad7a390408fb1be9
Patch
https://git.kernel.org/stable/c/f09cd209359a23f88d4f3fa3d2379d057027e53c
Patch
https://git.kernel.org/stable/c/2b1bef126bbb8d0da51491357559126d567c1dee
Patch