CVE-2025-40012

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.17.0-rc3-11705-g9cf4672ecfee #10

Description The Linux kernel contains an issue within the net/smc component. Specifically, the smc rx splice() function may trigger a warning when calling get page() due to memory allocated by kzalloc() not being page-backed. This can lead to a use-after-free condition if the memory is released before splice to pipe() completes. The issue arises because DMB buffers are allocated with kzalloc() and subsequently passed to get page(). The fix involves using folio alloc() to ensure DMBs are page-backed and safe for use with get page().

Recommendations Update to Linux kernel version 6.17.0-rc3-11705-g9cf4672ecfee #10 or a later version that includes the fix.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2025-13571

CVE-2025-40012

OESA-2025-2765

OESA-2025-2766

OESA-2025-2767

OPENSUSE-SU-2025:20091-1

SUSE-SU-2025:21080-1

SUSE-SU-2025:21147-1

SUSE-SU-2025:21180-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4141-1

Affected Products

Linux Kernel

Suse

CVE-2025-40012

Weakness Enumeration

Related Identifiers

Affected Products

References · 1113