CVE-2025-40002Linux vulnerability

15 documents6 sources
Severity
N/A
No vector
EPSS
0.0%
top 92.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 18
Latest updateFeb 24

Description

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix use-after-free in tb_dp_dprx_work The original code relies on cancel_delayed_work() in tb_dp_dprx_stop(), which does not ensure that the delayed work item tunnel->dprx_work has fully completed if it was already running. This leads to use-after-free scenarios where tb_tunnel is deallocated by tb_tunnel_put(), while tunnel->dprx_work remains active and attempts to dereference tb_tunnel in tb_dp_dprx_work(). A t

Affected Packages5 packages

Linuxlinux/linux_kernel6.14.06.17.3
Debianlinux/linux_kernel< 6.17.6-1
Ubuntulinux/linux_kernel< 6.17.0-14.14
CVEListV5linux/linuxd6d458d42e1e1544a18f37f1d5c840e00d5261b9c07923f6a8729fc27ee652221a51702ff6654097+2
debiandebian/linux< linux 6.17.6-1 (forky)

🔴Vulnerability Details

8
OSV
linux-azure vulnerabilities2026-02-24
OSV
linux-oem-6.17 vulnerabilities2026-02-17
OSV
linux-aws, linux-oracle vulnerabilities2026-02-17
OSV
linux-gcp vulnerabilities2026-02-12
OSV
linux, linux-raspi, linux-realtime vulnerabilities2026-02-12

📋Vendor Advisories

6
Ubuntu
Linux kernel (Azure) vulnerabilities2026-02-24
Ubuntu
Linux kernel (OEM) vulnerabilities2026-02-17
Ubuntu
Linux kernel (GCP) vulnerabilities2026-02-12
Ubuntu
Linux kernel vulnerabilities2026-02-12
Red Hat
kernel: thunderbolt: Fix use-after-free in tb_dp_dprx_work2025-10-18