CVE-2025-40064 — Expired Pointer Dereference in Linux
Severity
6.6MEDIUM
No vectorEPSS
0.0%
top 92.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 28
Latest updateFeb 24
Description
In the Linux kernel, the following vulnerability has been resolved:
smc: Fix use-after-free in __pnet_find_base_ndev().
syzbot reported use-after-free of net_device in __pnet_find_base_ndev(),
which was called during connect(). [0]
smc_pnet_find_ism_resource() fetches sk_dst_get(sk)->dev and passes
down to pnet_find_base_ndev(), where RTNL is held. Then, UAF happened
at __pnet_find_base_ndev() when the dev is first used.
This means dev had already been freed before acquiring RTNL in
pnet_fin…