CVE-2025-40158
Advisory lineage Upstream: 0 Downstream: 24
Deferred
Published: 12 Nov 2025, 10:23
Last modified: 11 May 2026, 21:43
Vulnerability Summary
Overall Risk (default): minimal (0/100)
CVSS Score: No data
EPSS Score: 0.02% (LOW)
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected
Timeline
12 Nov 2025, 10:23: Published (vulnerability first disclosed)
11 May 2026, 21:43: Last Modified (vulnerability information updated)
Description
In the Linux kernel, the following vulnerability has been resolved:

ipv6: use RCU in ip6_output()

Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF.

We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2().
EPSS Trends
Current EPSS score: 0.02% • Percentile: 7%
Affected Systems
- linux • linux
≥ 4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36, < 0393f85c3241c19ba8550f04a812e7d19f6b3082 | ≥ 4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36, < 11709573cc4e48dc34c80fc7ab9ce5b159e29695 | 4.13