CVE Vulnerability Details: CVE-2025-40149
PUBLISHED
Assigner: Linux
Assigner Org ID: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At: 12 Nov, 2025 | 10:23
Updated At: 06 Feb, 2026 | 16:31
CVE Numbering Authority (CNA)
tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().

In the Linux kernel, the following vulnerability has been resolved:

tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().

get_netdev_for_sock() is called during setsockopt(), so not under RCU.

Using sk_dst_get(sk)->dev could trigger UAF.

Let's use __sk_dst_get() and dst_dev_rcu().

Note that the only ->ndo_sk_get_lower_dev() user is bond_sk_get_lower_dev(), which uses RCU.

Affected Products
Vendor: Linux Kernel Organization, Inc (Linux)
Product: Linux
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files:
  • net/tls/tls_device.c
Default Status: unaffected
Versions
Affected
  • From e8f69799810c32dd40c6724d829eccc70baad07f before 2b1bef126bbb8d0da51491357559126d567c1dee (git)
  • From e8f69799810c32dd40c6724d829eccc70baad07f before e37ca0092ddace60833790b4ad7a390408fb1be9 (git)
  • From e8f69799810c32dd40c6724d829eccc70baad07f before 13159c7125636371543a82cb7bbae00ab36730cc (git)
  • From e8f69799810c32dd40c6724d829eccc70baad07f before f09cd209359a23f88d4f3fa3d2379d057027e53c (git)
  • From e8f69799810c32dd40c6724d829eccc70baad07f before feb474ddbf26b51f462ae2e60a12013bdcfc5407 (git)
  • From e8f69799810c32dd40c6724d829eccc70baad07f before c65f27b9c3be2269918e1cbad6d8884741f835c5 (git)
Vendor: Linux Kernel Organization, Inc (Linux)
Product: Linux
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files:
  • net/tls/tls_device.c
Default Status: affected
Versions
Affected
  • 4.18
Unaffected
  • From 0 before 4.18 (semver)
  • From 5.15.199 through 5.15.* (semver)
  • From 6.1.161 through 6.1.* (semver)
  • From 6.6.121 through 6.6.* (semver)
  • From 6.12.66 through 6.12.* (semver)
  • From 6.17.3 through 6.17.* (semver)
  • From 6.18 through * (original_commit_for_fix)
References
  • https://git.kernel.org/stable/c/2b1bef126bbb8d0da51491357559126d567c1dee (Resource: N/A)
  • https://git.kernel.org/stable/c/e37ca0092ddace60833790b4ad7a390408fb1be9 (Resource: N/A)
  • https://git.kernel.org/stable/c/13159c7125636371543a82cb7bbae00ab36730cc (Resource: N/A)
  • https://git.kernel.org/stable/c/f09cd209359a23f88d4f3fa3d2379d057027e53c (Resource: N/A)
  • https://git.kernel.org/stable/c/feb474ddbf26b51f462ae2e60a12013bdcfc5407 (Resource: N/A)
  • https://git.kernel.org/stable/c/c65f27b9c3be2269918e1cbad6d8884741f835c5 (Resource: N/A)