CVE-2025-40168

Advisory lineage Upstream: 0 Downstream: 31

Downstream

DEBIAN-CVE-2025-40168 OPENSUSE-SU-2025:20172-1 RHSA-2026:2720 RHSA-2026:2821 RHSA-2026:3275 RHSA-2026:3488

Deferred

Published: 12 Nov 2025, 10:46

Last modified:11 May 2026, 21:44

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

0.03% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

12 Nov 2025, 10:46

Published

Vulnerability first disclosed

11 May 2026, 21:44

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). smc_clc_prfx_match() is called from smc_listen_work() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dst_dev_rcu(). Note that the returned value of smc_clc_prfx_match() is not used in the caller.

EPSS Trends

Current EPSS score: 0.03%• Percentile: 8%

Affected Systems

linux•linux
≥ a046d57da19f812216f393e7c535f5858f793ac3, < d26e80f7fb62d77757b67a1b94e4ac756bc9c658 | ≥ a046d57da19f812216f393e7c535f5858f793ac3, < 235f81045c008169cc4e1955b4a64e118eebe61b | 4.11