CVE-2025-40215
- EPSS 0.04%
- Published 04.12.2025 12:38:32
- Last modified 19.01.2026 13:16:08
- Source 416baaa9-dc9f-4396-8d5f-8c081f
In the Linux kernel, the following vulnerability has been resolved:

xfrm: delete x->tunnel as we delete x

The ipcomp fallback tunnels currently get deleted (from the various
lists and hashtables) as the last user state that needed that fallback
is destroyed (not deleted). If a reference to that user state still
exists, the fallback state will remain on the hashtables/lists,
triggering the WARN in xfrm_state_fini. Because of those remaining
references, the fix in commit f75a2804da39 ("xfrm: destroy xfrm_state
synchronously on net exit path") is not complete.

We recently fixed one such situation in TCP due to deferred freeing of
skbs (commit 9b6412e6979f ("tcp: drop secpath at the same time as we
currently drop dst")). This can also happen due to IP reassembly: skbs
with a secpath remain on the reassembly queue until netns
destruction. If we can't guarantee that the queues are flushed by the
time xfrm_state_fini runs, there may still be references to a (user)
xfrm_state, preventing the timely deletion of the corresponding
fallback state.

Instead of chasing each instance of skbs holding a secpath one by one,
this patch fixes the issue directly within xfrm, by deleting the
fallback state as soon as the last user state depending on it has been
deleted. Destruction will still happen when the final reference is
dropped.

A separate lockdep class for the fallback state is required since
we're going to lock x->tunnel while x is locked.

Linked by AI from unstructured data to existing CPEs in the NVD
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
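
The delete-versus-destroy distinction in the description above, as an added example that is not the kernel's code or the patch itself. It is a simplified user-space model: the struct, its fields and all function names are hypothetical, and the extra reference stands in for an skb that still holds a secpath.

```c
#include <stdio.h>
/* Simplified user-space model; every name here is hypothetical. */
struct state {
    int refcnt;            /* outstanding references (list, skb secpath, ...) */
    int on_list;           /* 1 while linked in the lists/hashtables */
    int tunnel_users;      /* fallback state: user states depending on it */
    struct state *tunnel;  /* user state: its ipcomp fallback state */
};

static void unlink_state(struct state *s) { s->on_list = 0; }

/* Drop x's dependency; unlink the fallback once no user state needs it. */
static void release_tunnel(struct state *x)
{
    struct state *t = x->tunnel;
    if (!t) return;
    x->tunnel = NULL;
    if (--t->tunnel_users == 0)
        unlink_state(t);
}

/* Dropping the final reference destroys the state. */
static void put_state(struct state *x)
{
    if (--x->refcnt == 0)
        release_tunnel(x);   /* old behaviour: fallback only handled here */
}

/* Delete = unlink from lists. With fixed != 0 the fallback is unlinked too. */
static void delete_state(struct state *x, int fixed)
{
    unlink_state(x);
    if (fixed)
        release_tunnel(x);
    put_state(x);            /* drop the reference the list held */
}

/* States still linked at teardown; non-zero models the WARN condition. */
int leftover_at_fini(int fixed)
{
    struct state t = { .refcnt = 1, .on_list = 1, .tunnel_users = 1 };
    struct state x = { .refcnt = 2, .on_list = 1, .tunnel = &t }; /* list + skb */
    delete_state(&x, fixed); /* the skb's reference is still outstanding */
    return x.on_list + t.on_list;
}

int main(void) {
    printf("before: %d, after: %d\n", leftover_at_fini(0), leftover_at_fini(1));
    return 0;
}
```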

Vendor: Linux ≫ Product: Linux
Default status: unaffected

| Version | Version < | Status |
|---|---|---|
| 9d4139c76905833afcb77fe8ccc17f302a0eb9ab | 1b28a7fae0128fa140a7dccd995182ff6cd1c67b | affected |
| 9d4139c76905833afcb77fe8ccc17f302a0eb9ab | 4b2c17d0f9be8b58bb30468bc81a4b61c985b04e | affected |
| 9d4139c76905833afcb77fe8ccc17f302a0eb9ab | 0da961fa46da1b37ef868d9b603bd202136f8f8e | affected |
| 9d4139c76905833afcb77fe8ccc17f302a0eb9ab | d0e0d1097118461463b76562c7ebaabaa5b90b13 | affected |
| 9d4139c76905833afcb77fe8ccc17f302a0eb9ab | dc3636912d41770466543623cb76e7b88fdb42c7 | affected |
| 9d4139c76905833afcb77fe8ccc17f302a0eb9ab | b441cf3f8c4b8576639d20c8eb4aa32917602ecd | affected |

Vendor: Linux ≫ Product: Linux
Default status: affected

| Version | Bound | Status |
|---|---|---|
| 2.6.29 | | affected |
| 0 | < 2.6.29 | unaffected |
| 5.10.248 | <= 5.10.* | unaffected |
| 5.15.198 | <= 5.15.* | unaffected |
| 6.1.160 | <= 6.1.* | unaffected |
| 6.6.120 | <= 6.6.* | unaffected |
| 6.12.62 | <= 6.12.* | unaffected |
| 6.16 | <= * | unaffected |

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.098 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|