CVE-2025-40074
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/10/2025
Last modified:
30/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
ipv4: start using dst_dev_rcu()<br />
<br />
Change icmpv4_xrlim_allow(), ip_defrag() to prevent possible UAF.<br />
<br />
Change ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_mr_output(),<br />
ipv4_neigh_lookup() to use lockdep enabled dst_dev_rcu().