CVE-2025-40176Expired Pointer Dereference in Linux

CWE-825Expired Pointer Dereference33 documents7 sources
Severity
3.2LOWOSV
No vector
EPSS
0.0%
top 94.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedNov 12
Latest updateApr 9

Description

In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tls_strp_msg_hold fails Async decryption calls tls_strp_msg_hold to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate that clone, proceeding with async decryption can lead to various issues (UAF on the skb, writing into userspace memory after the recv() call has returned). In this case, wait for all pending decryption requests.

Affected Packages7 packages

Linuxlinux/linux_kernel6.0.06.1.158+3
Debianlinux/linux_kernel< 6.1.158-1+2
Ubuntulinux/linux_kernel< 6.8.0-106.106+1
CVEListV5linux/linux84c61fe1a75b4255df1e1e7c054c9e6d048da4179f83fd0c179e0f458e824e417f9d5ad53443f685+5

🔴Vulnerability Details

16
OSV
linux-raspi, linux-raspi-realtime vulnerabilities2026-04-01
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure vulnerabilities2026-03-25
OSV
linux-aws-6.8 vulnerabilities2026-03-23
OSV
linux-realtime, linux-realtime-6.8 vulnerabilities2026-03-17

📋Vendor Advisories

16
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (AWS) vulnerabilities2026-03-23