VDB

DEBIAN-CVE-2025-40158

DEBIAN-CVE-2025-40158 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2().

Affected Products

VendorProductVersions
Debian:14linux6.15.1-1, 6.15.2-1, 6.15.3-1
Debian:11linux6.11~rc4-1~exp1, 6.12.10-1, 6.12.11-1
Debian:13linux6.19, 0, 6.12.38-1
Debian:12linux*, *, 6.12.25-1

Timeline

  • Nov 12, 2025 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›