CVE-2025-40003 — Linux vulnerability

16 documents7 sources

Severity

7.8HIGH

No vector

EPSS

0.0%

top 88.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +9 more

Timeline

PublishedOct 18

Latest updateFeb 24

Description

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work The origin code calls cancel_delayed_work() in ocelot_stats_deinit() to cancel the cyclic delayed work item ocelot->stats_work. However, cancel_delayed_work() may fail to cancel the work item if it is already executing. While destroy_workqueue() does wait for all pending work items in the work queue to complete before destroying the work queue, it cannot preve…

Affected Packages14 packages

▶Linuxlinux/linux_kernel4.18.0 — 6.12.54+1

▶Debianlinux/linux_kernel< 6.12.57-1+1

▶Ubuntulinux/linux_kernel< 6.17.0-14.14

▶msrcmsrc/azl3_kernel_6.6.96.2-2_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.104.2-4_on_azure_linux_3.0

🔴Vulnerability Details

OSV

linux-azure vulnerabilities↗2026-02-24

▶

OSV

linux-oem-6.17 vulnerabilities↗2026-02-17

▶

OSV

linux-aws, linux-oracle vulnerabilities↗2026-02-17

▶

OSV

linux-gcp vulnerabilities↗2026-02-12

▶

OSV

linux, linux-raspi, linux-realtime vulnerabilities↗2026-02-12

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-02-24

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2026-02-17

▶

Ubuntu

Linux kernel (GCP) vulnerabilities↗2026-02-12

▶

Ubuntu

Linux kernel vulnerabilities↗2026-02-12

▶

Red Hat

kernel: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work↗2025-10-18

▶

External resources

NVD MITRE

Affected products12

Debian Linuxfixed in linux 6.17.6-1 (forky)

Linux≥ a556c76adc052c979ef9e80f0cd3fa1379ff4943, < 70acdd1eb35ffb3afdcb59e4c3bbb178da411d0f≥ a556c76adc052c979ef9e80f0cd3fa1379ff4943, < c3363db5d0685a8d077ade706051bbccc75f7e14≥ a556c76adc052c979ef9e80f0cd3fa1379ff4943, < bc9ea787079671cb19a8b25ff9f02be5ef6bfcf5+1 more

Linux Kernel≥ 0, < 6.12.57-1≥ 0, < 6.17.6-1≥ 4.18.0, < 6.12.54+2 more

Msrc Azl3 Kernel 6.6.104.2-4 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.112.1-2 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.117.1-1 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.119.3-1 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.119.3-3 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.121.1-1 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.126.1-1 ON Azure Linux 3.0

Disclosure

PublishedOct 18, 2025

Latest updateFeb 24, 2026