CVE-2025-40018

Advisory lineage Upstream: 0 Downstream: 130
Deferred
Published: 24 Oct 2025, 11:44
Last modified:11 May 2026, 21:40

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
0.06% LOW
0% probability +0.01%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

24 Oct 2025, 11:44
Published
Vulnerability first disclosed
11 May 2026, 21:40
Last Modified
Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.

EPSS Trends

Current EPSS score: 0.06% Percentile: 20%

Affected Systems

  • linuxlinux

    ≥ 61b1ab4583e275af216c8454b9256de680499b19, < 8a6ecab3847c213ce2855b0378e63ce839085de3 | ≥ 61b1ab4583e275af216c8454b9256de680499b19, < 421b1ae1574dfdda68b835c15ac4921ec0030182 | ≥ 61b1ab4583e275af216c8454b9256de680499b19, < 1d79471414d7b9424d699afff2aa79fff322f52d | ≥ 61b1ab4583e275af216c8454b9256de680499b19, < 53717f8a4347b78eac6488072ad8e5adbaff38d9 | ≥ 61b1ab4583e275af216c8454b9256de680499b19, < 8cbe2a21d85727b66d7c591fd5d83df0d8c4f757 | ≥ 61b1ab4583e275af216c8454b9256de680499b19, < dc1a481359a72ee7e548f1f5da671282a7c13b8f | ≥ 61b1ab4583e275af216c8454b9256de680499b19, < a343811ef138a265407167294275201621e9ebb2 | ≥ 61b1ab4583e275af216c8454b9256de680499b19, < 134121bfd99a06d44ef5ba15a9beb075297c0821 | 2.6.39

References (8)