PT-2025-46654 · Linux+5 · Linux Kernel+5

Published: 2025-10-14 · Updated: 2026-05-07 · CVE-2025-40176

CVSS v2.0: 5.5 (Medium)

Vector: AV:L/AC:H/Au:S/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a flaw related to Transport Layer Security (TLS) asynchronous decryption. Specifically, if the tls_strp_msg_hold function fails to allocate a clone of the input socket buffer (skb), continuing with asynchronous decryption can lead to use-after-free (UAF) on the skb or writing into userspace memory after the recv() call has completed. The issue occurs because the system does not wait for all pending decryption requests when tls_strp_msg_hold fails.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025:23241
ALSA-2026:0453
AZL-70028
BDU:2025-16155
CVE-2025-40176
DLA-4379-1
OESA-2025-2765
OESA-2025-2766
OESA-2025-2767
OPENSUSE-SU-2025:20172-1
RHSA-2026:0453
RHSA-2026:0457
RHSA-2026:0489
RHSA-2026:0534
RHSA-2026:0535
RHSA-2026:0747
SUSE-SU-2025:4393-1
SUSE-SU-2025:4422-1
SUSE-SU-2025:4505-1
SUSE-SU-2025:4516-1
SUSE-SU-2025:4517-1
SUSE-SU-2025:4521-1
SUSE-SU-2026:20012-1
SUSE-SU-2026:20015-1
SUSE-SU-2026:20021-1
SUSE-SU-2026:20039-1
SUSE-SU-2026:20059-1
SUSE-SU-2026:20473-1
SUSE-SU-2026:20496-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8048-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Almalinux
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Ubuntu