CVE-2025-40002

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free issue within the thunderbolt driver, specifically in the tb dp dprx work function. The original code used cancel delayed work(), which did not guarantee the completion of a delayed work item before the associated memory was deallocated, leading to a use-after-free scenario when tb tunnel was dereferenced. A race condition can occur where tb tunnel is deallocated while tunnel->dprx work is still active. The issue was identified through static analysis. The fix involves implementing proper reference counting to ensure the tb tunnel remains valid during work item execution and to prevent memory leaks. The vulnerable function is tb dp dprx work().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.