CVE-2025-40012 — Linux vulnerability

6 documents5 sources

Severity

—N/A

No vector

EPSS

0.0%

top 93.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedOct 20

Description

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix warning in smc_rx_splice() when calling get_page() smc_lo_register_dmb() allocates DMB buffers with kzalloc(), which are later passed to get_page() in smc_rx_splice(). Since kmalloc memory is not page-backed, this triggers WARN_ON_ONCE() in get_page() and prevents holding a refcount on the buffer. This can lead to use-after-free if the memory is released before splice_to_pipe() completes. Use folio_alloc() instea…

Affected Packages4 packages

▶Linuxlinux/linux_kernel6.10.0 — 6.12.50+1

▶Debianlinux/linux_kernel< 6.12.57-1+1

▶CVEListV5linux/linuxf7a22071dbf316c982fb44308874bd7ad9ac2091 — 14fc4fdae42e34d7ee871b292ac2ecc61c2c5de7+3

▶debiandebian/linux< linux 6.16.10-1 (forky)

🔴Vulnerability Details

OSV

net/smc: fix warning in smc_rx_splice() when calling get_page()↗2025-10-20

▶

GHSA

GHSA-c4v9-hjfq-qw76: In the Linux kernel, the following vulnerability has been resolved: net/smc: fix warning in smc_rx_splice() when calling get_page() smc_lo_register_↗2025-10-20

▶

OSV

CVE-2025-40012: In the Linux kernel, the following vulnerability has been resolved: net/smc: fix warning in smc_rx_splice() when calling get_page() smc_lo_register_dm↗2025-10-20

▶

📋Vendor Advisories

Red Hat

kernel: net/smc: fix warning in smc_rx_splice() when calling get_page()↗2025-10-20

▶

Debian

CVE-2025-40012: linux - In the Linux kernel, the following vulnerability has been resolved: net/smc: fi...↗2025

▶