-

CVE-2025-40176

EPSS 0.03%
Veröffentlicht 12.11.2025 10:53:50
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

tls: wait for pending async decryptions if tls_strp_msg_hold fails

In the Linux kernel, the following vulnerability has been resolved:

tls: wait for pending async decryptions if tls_strp_msg_hold fails

Async decryption calls tls_strp_msg_hold to create a clone of the
input skb to hold references to the memory it uses. If we fail to
allocate that clone, proceeding with async decryption can lead to
various issues (UAF on the skb, writing into userspace memory after
the recv() call has returned).

In this case, wait for all pending decryption requests.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

CNA 2 VulnDex Vulnerability Enrichment 7

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 84c61fe1a75b4255df1e1e7c054c9e6d048da417

Version < 9f83fd0c179e0f458e824e417f9d5ad53443f685

Status affected

Version 84c61fe1a75b4255df1e1e7c054c9e6d048da417

Version < c61d4368197d65c4809d9271f3b85325a600586a

Status affected

Version 84c61fe1a75b4255df1e1e7c054c9e6d048da417

Version < 39dec4ea3daf77f684308576baf483b55ca7f160

Status affected

Version 84c61fe1a75b4255df1e1e7c054c9e6d048da417

Version < 4fc109d0ab196bd943b7451276690fb6bb48c2e0

Status affected

Version 84c61fe1a75b4255df1e1e7c054c9e6d048da417

Version < b8a6ff84abbcbbc445463de58704686011edc8e1

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.0

Status affected

Version 0

Version < 6.0

Status unaffected

Version <= 6.1.*

Version 6.1.158

Status unaffected

Version <= 6.6.*

Version 6.6.114

Status unaffected

Version <= 6.12.*

Version 6.12.55

Status unaffected

Version <= 6.17.*

Version 6.17.5

Status unaffected

Version <= *

Version 6.18

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.084

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/9f83fd0c179e0f458e824e417f9d5ad53443f685

https://git.kernel.org/stable/c/c61d4368197d65c4809d9271f3b85325a600586a

https://git.kernel.org/stable/c/39dec4ea3daf77f684308576baf483b55ca7f160

https://git.kernel.org/stable/c/4fc109d0ab196bd943b7451276690fb6bb48c2e0

https://git.kernel.org/stable/c/b8a6ff84abbcbbc445463de58704686011edc8e1

https://nvd.nist.gov/vuln/detail/CVE-2025-40176

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40176

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40176

EUVD