CVE-2025-40064

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free flaw in the pnet find base ndev() function within the smc module. The issue occurs when a network device (net device) is freed while still being referenced, specifically during the connect() process. This can lead to a system crash. The vulnerability was identified through syzbot testing, which reported a use-after-free condition when the device was accessed after being freed. The root cause involves improper reference counting and handling of the device structure during network connection establishment.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2026:2721

ALSA-2026:2722

ALSA-2026:3083

ALSA-2026:3110

AZL-68897

BDU:2025-16409

CVE-2025-40064

ECHO-9AA7-85A0-0B23

OPENSUSE-SU-2025:15702-1

OPENSUSE-SU-2025:20172-1

OPENSUSE-SU-2026:10301-1

RHSA-2026:2721

RHSA-2026:2722

RHSA-2026:3083

RHSA-2026:3110

RHSA-2026:4111

RHSA-2026:6954

RHSA-2026:9513

RHSA-2026:9514

RHSA-2026:9643

SUSE-SU-2025:4393-1

SUSE-SU-2025:4422-1

SUSE-SU-2025:4505-1

SUSE-SU-2025:4516-1

SUSE-SU-2025:4517-1

SUSE-SU-2025:4521-1

SUSE-SU-2026:0316-1

SUSE-SU-2026:20012-1

SUSE-SU-2026:20015-1

SUSE-SU-2026:20021-1

SUSE-SU-2026:20039-1

SUSE-SU-2026:20059-1

SUSE-SU-2026:20473-1

SUSE-SU-2026:20496-1

USN-8029-1

USN-8029-2

USN-8029-3

USN-8030-1

USN-8048-1

Affected Products

Debian

Linuxmint

Linux Kernel

Rocky Linux

Ubuntu

CVE-2025-40064

Weakness Enumeration

Related Identifiers

Affected Products

References · 1179