Description

In the Linux kernel, the following vulnerability has been resolved:

ipv4: start using dst_dev_rcu()

Change icmpv4_xrlim_allow(), ip_defrag() to prevent possible UAF.

Change ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_mr_output(), ipv4_neigh_lookup() to use lockdep enabled dst_dev_rcu().

PUBLISHED Reserved 2025-04-16 | Published 2025-10-28 | Updated 2025-10-28 | Assigner Linux

Product status

Default status: unaffected

4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 (git) before 923e0734c386984d45de508528a7a7ad91d791cc: affected

4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36 (git) before 6ad8de3cefdb6ffa6708b21c567df0dbf82c43a8: affected

Default status: affected

4.13: affected

Any version before 4.13: unaffected

6.17.3 (semver): unaffected

6.18-rc1 (original_commit_for_fix): unaffected

References

git.kernel.org/...c/923e0734c386984d45de508528a7a7ad91d791cc

git.kernel.org/...c/6ad8de3cefdb6ffa6708b21c567df0dbf82c43a8

cve.org (CVE-2025-40074)

nvd.nist.gov (CVE-2025-40074)