CVE-2025-40074 in Linux

Summary

by MITRE • 10/28/2025

In the Linux kernel, the following vulnerability has been resolved:

ipv4: start using dst_dev_rcu()

Change icmpv4_xrlim_allow(), ip_defrag() to prevent possible UAF.

Change ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_mr_output(), ipv4_neigh_lookup() to use lockdep enabled dst_dev_rcu().


Analysis

by VulDB Data Team • 02/15/2026

The vulnerability identified as CVE-2025-40074 represents a critical memory safety issue within the Linux kernel's IPv4 networking stack that could potentially lead to use-after-free conditions and system instability. This vulnerability specifically affects the kernel's handling of network packet processing and routing operations, where improper memory management could allow malicious actors to exploit memory corruption patterns. The issue manifests in multiple functions that process IPv4 packets and manage multicast routing, creating potential attack vectors that could compromise system integrity and availability.

The technical flaw stems from the improper use of reference counting mechanisms in the kernel's networking subsystem, particularly in functions that handle IPv4 packet forwarding and multicast routing. The vulnerability occurs when functions like icmpv4_xrlim_allow(), ip_defrag(), ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_mr_output(), and ipv4_neigh_lookup() fail to properly utilize the dst_dev_rcu() function with lockdep enabled. This oversight creates scenarios where network device references may be freed while still being accessed, leading to potential use-after-free conditions that could be exploited by attackers to execute arbitrary code or cause denial of service.

The operational impact of this vulnerability extends beyond simple system crashes, as it affects the fundamental stability of network operations within the Linux kernel. When these functions encounter memory corruption scenarios, they may cause kernel panics, system hangs, or allow privilege escalation attacks that could enable malicious users to gain elevated system privileges. The vulnerability particularly affects systems running Linux kernels with active IPv4 networking and multicast routing capabilities, making it relevant to a broad range of network infrastructure and server environments.

Security mitigations for CVE-2025-40074 involve implementing the corrected dst_dev_rcu() usage with proper lockdep enablement across all affected functions. System administrators should prioritize applying kernel updates that include the patched code, which ensures that network packet processing functions properly handle reference counting and memory management. The fix specifically addresses the underlying CWE-416 use-after-free vulnerability pattern, aligning with ATT&CK technique T1059.001 for command and scripting interpreter usage and T1499.004 for network disruption. Organizations should also implement network monitoring to detect potential exploitation attempts and maintain robust patch management processes to ensure all systems receive timely security updates. The vulnerability highlights the importance of proper memory management in kernel space and demonstrates how seemingly minor reference counting issues can have significant security implications across network subsystems.
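The access pattern the fix relies on, as an added userspace model (not kernel code, and not taken from the patch or the Linux project): an accessor standing in for dst_dev_rcu() counts calls made outside a read-side section, as a lockdep-style check would, and the device free is deferred until the reader leaves. Every model_* name, the single-threaded simulation of a concurrent teardown, and the flag test in the reader are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model only, NOT kernel code. Every model_* name is hypothetical. */
#define MODEL_IFF_LOOPBACK 0x8u
struct model_net_device { unsigned int flags; };
struct model_dst { struct model_net_device *dev; };
static int model_rcu_depth;       /* > 0 while inside a read-side section */
static int model_lockdep_splats;  /* accessor calls made outside a section */
static struct model_net_device *model_pending_free; /* awaiting grace period */
static void model_rcu_read_lock(void) { model_rcu_depth++; }
static void model_rcu_read_unlock(void) {
    if (--model_rcu_depth == 0 && model_pending_free) {
        free(model_pending_free);   /* last reader left: grace period over */
        model_pending_free = NULL;
    }
}
/* Stand-in for dst_dev_rcu(): pointer load plus a lockdep-style check. */
static struct model_net_device *model_dst_dev_rcu(const struct model_dst *dst) {
    if (model_rcu_depth == 0) model_lockdep_splats++; /* lockdep would warn */
    return dst->dev;
}
/* Writer: unpublish the device and defer the free while readers exist. */
static void model_unregister_dev(struct model_dst *dst) {
    struct model_net_device *old = dst->dev;
    dst->dev = NULL;
    if (model_rcu_depth == 0) free(old); else model_pending_free = old;
}
/* Reader whose read-side section overlaps a simulated device teardown. */
static int model_reader_survives_teardown(void) {
    struct model_dst dst = { malloc(sizeof(struct model_net_device)) };
    if (!dst.dev) return -1;
    dst.dev->flags = MODEL_IFF_LOOPBACK;
    model_rcu_read_lock();
    struct model_net_device *dev = model_dst_dev_rcu(&dst);
    model_unregister_dev(&dst);     /* teardown lands mid-section */
    int ok = dev && (dev->flags & MODEL_IFF_LOOPBACK); /* memory still live */
    model_rcu_read_unlock();        /* deferred free happens here */
    return ok && !dst.dev && !model_pending_free;
}
/* Misuse: the accessor is called with no read-side section held. */
static int model_unprotected_access_is_flagged(void) {
    struct model_dst dst = { NULL };
    int before = model_lockdep_splats;
    return model_dst_dev_rcu(&dst) == NULL && model_lockdep_splats == before + 1;
}
int main(void) {
    printf("%d %d\n", model_reader_survives_teardown(), model_unprotected_access_is_flagged());
    return 0;
}
```

In the model the grace period is reduced to "no reader is inside a section"; the kernel's real RCU machinery is concurrent and far more involved.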

Responsible

Linux

Reservation

04/16/2025

Disclosure

10/28/2025

Moderation

accepted

CPE

ready

EPSS

0.00170

KEV

no

Activities

very low
