PT-2025-46645 · Linux+4 · Linux Kernel+4

Published 2025-11-12 · Updated 2026-05-26 · CVE-2025-40170

CVSS v2.0 · 6.2 · Medium

Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contained a flaw where accesses to dst->dev were not protected using Read-Copy-Update (RCU). This issue was addressed by utilizing RCU in functions such as sk_setup_caps(), sk_dst_gso_max_size(), ip6_dst_mtu_maybe_forward(), ip_dst_mtu_maybe_forward(), and ip4_dst_hoplimit(). The fix ensures thread safety when accessing the device associated with a destination.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

ALSA-2026:1690
ALSA-2026:2212
ALSA-2026:2264
ALSA-2026:2378
AZL-70022
BDU:2026-05106
CVE-2025-40170
ECHO-2A73-0CF4-B152
OPENSUSE-SU-2026:20145-1
RHSA-2026:1690
RHSA-2026:2212
RHSA-2026:2264
RHSA-2026:2378
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:0316-1
SUSE-SU-2026:20207-1
SUSE-SU-2026:20220-1
SUSE-SU-2026:20228-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8048-1

Affected Products

Debian
Linuxmint
Linux Kernel
Rocky Linux
Ubuntu