DEBIAN-CVE-2025-40135

DEBIAN-CVE-2025-40135 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_xmit() Use RCU in ip6_xmit() in order to use dst_dev_rcu() to prevent possible UAF.

Affected Products

Vendor	Product	Versions
Debian:12	linux	6.4.13-1, 6.17.8-1, 6.12.43-1
Debian:11	linux	6.1.106-1, 6.15-1, 6.15.1-1
Debian:11	linux-6.1	0, 6.1.164-1, 6.1.162-1
Debian:14	linux	6.16.10-1, 6.16.1-1, 6.16-1
Debian:13	linux	6.12.41-1, 6.12.43-1, 6.12.43-1

Exploit Intelligence

2026-05-06_426_linux-signed-amd64.yaml (github-poc)

Timeline

Nov 12, 2025 CVE Published
May 2, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-40135 advisory

Open in Interactive Console →