[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-40003":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":14,"duplicates":41,"related":42,"reserved_at":9,"published_at":49,"modified_at":50,"state":51,"summary":52,"references_raw":56,"kevs":71,"epss":72,"epss_history":75,"metrics":346,"affected":347},"CVE-2025-40003","In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mscc: ocelot: Fix use-after-free caused by cyclic delayed work\n\nThe origin code calls cancel_delayed_work() in ocelot_stats_deinit()\nto cancel the cyclic delayed work item ocelot->stats_work. However,\ncancel_delayed_work() may fail to cancel the work item if it is already\nexecuting. While destroy_workqueue() does wait for all pending work items\nin the work queue to complete before destroying the work queue, it cannot\nprevent the delayed work item from being rescheduled within the\nocelot_check_stats_work() function. This limitation exists because the\ndelayed work item is only enqueued into the work queue after its timer\nexpires. Before the timer expiration, destroy_workqueue() has no visibility\nof this pending work item. Once the work queue appears empty,\ndestroy_workqueue() proceeds with destruction. When the timer eventually\nexpires, the delayed work item gets queued again, leading to the following\nwarning:\n\nworkqueue: cannot queue ocelot_check_stats_work on wq ocelot-switch-stats\nWARNING: CPU: 2 PID: 0 at kernel/workqueue.c:2255 __queue_work+0x875/0xaf0\n...\nRIP: 0010:__queue_work+0x875/0xaf0\n...\nRSP: 0018:ffff88806d108b10 EFLAGS: 00010086\nRAX: 0000000000000000 RBX: 0000000000000101 RCX: 0000000000000027\nRDX: 0000000000000027 RSI: 0000000000000004 RDI: ffff88806d123e88\nRBP: ffffffff813c3170 R08: 0000000000000000 R09: ffffed100da247d2\nR10: ffffed100da247d1 R11: ffff88806d123e8b R12: ffff88800c00f000\nR13: ffff88800d7285c0 R14: ffff88806d0a5580 R15: ffff88800d7285a0\nFS:  0000000000000000(0000) GS:ffff8880e5725000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe18e45ea10 CR3: 0000000005e6c000 CR4: 00000000000006f0\nCall Trace:\n \u003CIRQ>\n ? kasan_report+0xc6/0xf0\n ? __pfx_delayed_work_timer_fn+0x10/0x10\n ? __pfx_delayed_work_timer_fn+0x10/0x10\n call_timer_fn+0x25/0x1c0\n __run_timer_base.part.0+0x3be/0x8c0\n ? __pfx_delayed_work_timer_fn+0x10/0x10\n ? rcu_sched_clock_irq+0xb06/0x27d0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? try_to_wake_up+0xb15/0x1960\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n tmigr_handle_remote_up+0x603/0x7e0\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n ? sched_balance_trigger+0x1c0/0x9f0\n ? sched_tick+0x221/0x5a0\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n ? tick_nohz_handler+0x339/0x440\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n __walk_groups.isra.0+0x42/0x150\n tmigr_handle_remote+0x1f4/0x2e0\n ? __pfx_tmigr_handle_remote+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n ? hrtimer_interrupt+0x322/0x780\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003C/IRQ>\n...\n\nThe following diagram reveals the cause of the above warning:\n\nCPU 0 (remove)             | CPU 1 (delayed work callback)\nmscc_ocelot_remove()       |\n  ocelot_deinit()          | ocelot_check_stats_work()\n    ocelot_stats_deinit()  |\n      cancel_delayed_work()|   ...\n                           |   queue_delayed_work()\n      destroy_workqueue()  | (wait a time)\n                           | __queue_work() //UAF\n\nThe above scenario actually constitutes a UAF vulnerability.\n\nThe ocelot_stats_deinit() is only invoked when initialization\nfailure or resource destruction, so we must ensure that any\ndelayed work items cannot be rescheduled.\n\nReplace cancel_delayed_work() with disable_delayed_work_sync()\nto guarantee proper cancellation of the delayed work item and\nensure completion of any currently executing work before the\nworkqueue is deallocated.\n\nA deadlock concern was considered: ocelot_stats_deinit() is called\nin a process context and is not holding any locks that the delayed\nwork item might also need. Therefore, the use of the _sync() variant\nis safe here.\n\nThis bug was identified through static analysis. To reproduce the\nissue and validate the fix, I simulated ocelot-swit\n---truncated---",null,[],[],[],[],[15,17,19,21,23,25,27,29,31,33,35,37,39],{"_key":16},"OPENSUSE-SU-2026:10301-1",{"_key":18},"SUSE-SU-2026:20012-1",{"_key":20},"SUSE-SU-2026:20015-1",{"_key":22},"SUSE-SU-2026:20021-1",{"_key":24},"OPENSUSE-SU-2025:15671-1",{"_key":26},"OPENSUSE-SU-2025:20172-1",{"_key":28},"USN-8029-1",{"_key":30},"USN-8029-2",{"_key":32},"USN-8029-3",{"_key":34},"USN-8030-1",{"_key":36},"DEBIAN-CVE-2025-40003",{"_key":38},"UBUNTU-CVE-2025-40003",{"_key":40},"USN-8048-1",[],[43,44,45,46,47,48],{"_key":16},{"_key":18},{"_key":20},{"_key":22},{"_key":24},{"_key":26},"2025-10-18T08:03:23.529Z","2026-05-11T21:40:35.770Z","Deferred",{"cisa_kev":53,"cisa_ransomware":53,"cisa_vendor":9,"epss_severity":54,"epss_score":55,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":51},false,"low",0.0004,[57,63,67],{"url":58,"sources":59,"tags":62},"https://git.kernel.org/stable/c/70acdd1eb35ffb3afdcb59e4c3bbb178da411d0f",[60,61],"cve.org","nvd",[],{"url":64,"sources":65,"tags":66},"https://git.kernel.org/stable/c/c3363db5d0685a8d077ade706051bbccc75f7e14",[60,61],[],{"url":68,"sources":69,"tags":70},"https://git.kernel.org/stable/c/bc9ea787079671cb19a8b25ff9f02be5ef6bfcf5",[60,61],[],[],{"date":73,"score":55,"percentile":74},"2026-06-04",0.12266,[76,80,83,86,89,92,95,98,101,104,107,110,113,116,119,123,127,130,133,136,139,142,145,148,151,154,157,160,163,166,169,172,175,178,181,184,187,190,193,197,200,203,206,209,212,215,218,221,224,227,230,233,237,240,243,246,249,252,255,258,261,264,267,270,273,276,279,281,284,287,290,292,294,297,300,303,306,309,312,315,318,321,324,326,329,331,334,337,340,343],{"date":77,"score":78,"percentile":79},"2025-11-04",0.00022,0.04438,{"date":81,"score":78,"percentile":82},"2025-11-05",0.04443,{"date":84,"score":78,"percentile":85},"2025-11-06",0.04557,{"date":87,"score":78,"percentile":88},"2025-11-07",0.04567,{"date":90,"score":78,"percentile":91},"2025-11-08",0.04562,{"date":93,"score":78,"percentile":94},"2025-11-09",0.04566,{"date":96,"score":78,"percentile":97},"2025-11-10",0.04551,{"date":99,"score":78,"percentile":100},"2025-11-11",0.04587,{"date":102,"score":78,"percentile":103},"2025-11-12",0.04616,{"date":105,"score":78,"percentile":106},"2025-11-13",0.04649,{"date":108,"score":78,"percentile":109},"2025-11-14",0.04665,{"date":111,"score":78,"percentile":112},"2025-11-15",0.04712,{"date":114,"score":78,"percentile":115},"2025-11-16",0.04728,{"date":117,"score":78,"percentile":118},"2025-11-17",0.04716,{"date":120,"score":121,"percentile":122},"2025-11-18",0.00033,0.05146,{"date":124,"score":125,"percentile":126},"2025-11-19",0.00035,0.05998,{"date":128,"score":125,"percentile":129},"2025-11-20",0.06032,{"date":131,"score":125,"percentile":132},"2025-11-21",0.09877,{"date":134,"score":125,"percentile":135},"2025-11-22",0.09852,{"date":137,"score":125,"percentile":138},"2025-11-23",0.09821,{"date":140,"score":125,"percentile":141},"2025-11-24",0.09798,{"date":143,"score":125,"percentile":144},"2025-11-25",0.09791,{"date":146,"score":125,"percentile":147},"2025-11-26",0.09794,{"date":149,"score":125,"percentile":150},"2025-11-27",0.09807,{"date":152,"score":125,"percentile":153},"2025-11-28",0.09793,{"date":155,"score":125,"percentile":156},"2025-11-29",0.09819,{"date":158,"score":125,"percentile":159},"2025-11-30",0.09831,{"date":161,"score":125,"percentile":162},"2025-12-01",0.09873,{"date":164,"score":125,"percentile":165},"2025-12-02",0.09885,{"date":167,"score":125,"percentile":168},"2025-12-03",0.09906,{"date":170,"score":125,"percentile":171},"2025-12-04",0.09896,{"date":173,"score":125,"percentile":174},"2025-12-05",0.0995,{"date":176,"score":125,"percentile":177},"2025-12-06",0.09966,{"date":179,"score":125,"percentile":180},"2025-12-07",0.09968,{"date":182,"score":125,"percentile":183},"2025-12-08",0.09964,{"date":185,"score":125,"percentile":186},"2025-12-09",0.10013,{"date":188,"score":125,"percentile":189},"2025-12-10",0.10087,{"date":191,"score":125,"percentile":192},"2025-12-11",0.10113,{"date":194,"score":195,"percentile":196},"2025-12-12",0.0003,0.07914,{"date":198,"score":195,"percentile":199},"2025-12-13",0.07879,{"date":201,"score":195,"percentile":202},"2025-12-14",0.07862,{"date":204,"score":195,"percentile":205},"2025-12-15",0.07806,{"date":207,"score":195,"percentile":208},"2025-12-16",0.07838,{"date":210,"score":195,"percentile":211},"2025-12-17",0.07919,{"date":213,"score":195,"percentile":214},"2025-12-18",0.07981,{"date":216,"score":195,"percentile":217},"2025-12-19",0.07969,{"date":219,"score":195,"percentile":220},"2025-12-20",0.07954,{"date":222,"score":195,"percentile":223},"2025-12-21",0.07926,{"date":225,"score":195,"percentile":226},"2025-12-22",0.0788,{"date":228,"score":195,"percentile":229},"2025-12-23",0.0789,{"date":231,"score":195,"percentile":232},"2025-12-24",0.0791,{"date":234,"score":235,"percentile":236},"2025-12-25",0.00031,0.0848,{"date":238,"score":235,"percentile":239},"2025-12-26",0.08482,{"date":241,"score":235,"percentile":242},"2025-12-27",0.08474,{"date":244,"score":235,"percentile":245},"2025-12-28",0.08488,{"date":247,"score":235,"percentile":248},"2025-12-29",0.08469,{"date":250,"score":235,"percentile":251},"2025-12-30",0.08431,{"date":253,"score":235,"percentile":254},"2025-12-31",0.0847,{"date":256,"score":235,"percentile":257},"2026-01-01",0.08534,{"date":259,"score":235,"percentile":260},"2026-01-02",0.08532,{"date":262,"score":235,"percentile":263},"2026-01-03",0.08526,{"date":265,"score":235,"percentile":266},"2026-01-04",0.08463,{"date":268,"score":235,"percentile":269},"2026-01-05",0.08413,{"date":271,"score":235,"percentile":272},"2026-01-06",0.08398,{"date":274,"score":235,"percentile":275},"2026-01-07",0.08435,{"date":277,"score":235,"percentile":278},"2026-01-08",0.0851,{"date":280,"score":235,"percentile":263},"2026-01-09",{"date":282,"score":235,"percentile":283},"2026-01-10",0.08546,{"date":285,"score":235,"percentile":286},"2026-01-11",0.08494,{"date":288,"score":235,"percentile":289},"2026-01-12",0.08466,{"date":291,"score":235,"percentile":275},"2026-01-13",{"date":293,"score":235,"percentile":266},"2026-01-14",{"date":295,"score":235,"percentile":296},"2026-01-15",0.08456,{"date":298,"score":235,"percentile":299},"2026-01-16",0.08479,{"date":301,"score":235,"percentile":302},"2026-01-17",0.08499,{"date":304,"score":235,"percentile":305},"2026-01-18",0.08477,{"date":307,"score":235,"percentile":308},"2026-01-19",0.0843,{"date":310,"score":235,"percentile":311},"2026-01-20",0.08385,{"date":313,"score":235,"percentile":314},"2026-01-21",0.08366,{"date":316,"score":235,"percentile":317},"2026-01-22",0.08339,{"date":319,"score":235,"percentile":320},"2026-01-23",0.08433,{"date":322,"score":235,"percentile":323},"2026-01-24",0.08501,{"date":325,"score":235,"percentile":305},"2026-01-25",{"date":327,"score":235,"percentile":328},"2026-01-26",0.08439,{"date":330,"score":235,"percentile":275},"2026-01-27",{"date":332,"score":235,"percentile":333},"2026-01-28",0.08409,{"date":335,"score":235,"percentile":336},"2026-01-29",0.0839,{"date":338,"score":235,"percentile":339},"2026-01-30",0.08399,{"date":341,"score":235,"percentile":342},"2026-01-31",0.08429,{"date":344,"score":235,"percentile":345},"2026-02-01",0.08458,[],[348],{"ecosystem":9,"name":349,"vendor":350,"product":350,"cpe_part":351,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":352},"Linux","linux","a",[353,360,363,366],{"version":354,"is_range":355,"range_type":60,"version_start":356,"version_start_type":357,"version_end":358,"version_end_type":359,"fixed_in":9},">= a556c76adc052c979ef9e80f0cd3fa1379ff4943, \u003C 70acdd1eb35ffb3afdcb59e4c3bbb178da411d0f",true,"a556c76adc052c979ef9e80f0cd3fa1379ff4943","including","70acdd1eb35ffb3afdcb59e4c3bbb178da411d0f","excluding",{"version":361,"is_range":355,"range_type":60,"version_start":356,"version_start_type":357,"version_end":362,"version_end_type":359,"fixed_in":9},">= a556c76adc052c979ef9e80f0cd3fa1379ff4943, \u003C c3363db5d0685a8d077ade706051bbccc75f7e14","c3363db5d0685a8d077ade706051bbccc75f7e14",{"version":364,"is_range":355,"range_type":60,"version_start":356,"version_start_type":357,"version_end":365,"version_end_type":359,"fixed_in":9},">= a556c76adc052c979ef9e80f0cd3fa1379ff4943, \u003C bc9ea787079671cb19a8b25ff9f02be5ef6bfcf5","bc9ea787079671cb19a8b25ff9f02be5ef6bfcf5",{"version":367,"is_range":53,"range_type":60,"version_start":367,"version_start_type":357,"version_end":367,"version_end_type":357,"fixed_in":9},"4.18"]