PT-2025-46743 · Linux+5 · Linux Kernel+5

Published

2025-10-01

·

Updated

2026-03-14

·

CVE-2025-40186

CVSS v2.0

6.0

Medium

VectorAV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a flaw in the TCP implementation where calling reqsk fastopen remove() within tcp conn request() can lead to a use-after-free and a refcount underflow. This occurs when a listener is closed while a TCP Fast Open (TFO) socket is being processed. Specifically, the issue arises because reqsk fastopen remove() is called with an invalid reqsk pointer, leading to a double-free of the request socket. The syzbot fuzzer reported this issue, resulting in a kernel panic.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-826CWE-416

Related Identifiers

BDU:2025-14699
CVE-2025-40186
DLA-4379-1
DLA-4404-1
OPENSUSE-SU-2025:20172-1
SUSE-SU-2025:4393-1
SUSE-SU-2025:4422-1
SUSE-SU-2025:4505-1
SUSE-SU-2025:4515-1
SUSE-SU-2025:4516-1
SUSE-SU-2025:4517-1
SUSE-SU-2025:4521-1
SUSE-SU-2026:0487-1
SUSE-SU-2026:0489-1
SUSE-SU-2026:0490-1
SUSE-SU-2026:0491-1
SUSE-SU-2026:0515-1
SUSE-SU-2026:0518-1
SUSE-SU-2026:0521-1
SUSE-SU-2026:0524-1
SUSE-SU-2026:0525-1
SUSE-SU-2026:0543-1
SUSE-SU-2026:0546-1
SUSE-SU-2026:0548-1
SUSE-SU-2026:0550-1
SUSE-SU-2026:0551-1
SUSE-SU-2026:0554-1
SUSE-SU-2026:0555-1
SUSE-SU-2026:0556-1
SUSE-SU-2026:0557-1
SUSE-SU-2026:0560-1
SUSE-SU-2026:0561-1
SUSE-SU-2026:20012-1
SUSE-SU-2026:20015-1
SUSE-SU-2026:20021-1
SUSE-SU-2026:20039-1
SUSE-SU-2026:20059-1
SUSE-SU-2026:20455-1
SUSE-SU-2026:20456-1
SUSE-SU-2026:20457-1
SUSE-SU-2026:20458-1
SUSE-SU-2026:20459-1
SUSE-SU-2026:20460-1
SUSE-SU-2026:20461-1
SUSE-SU-2026:20462-1
SUSE-SU-2026:20463-1
SUSE-SU-2026:20464-1
SUSE-SU-2026:20465-1
SUSE-SU-2026:20466-1
SUSE-SU-2026:20467-1
SUSE-SU-2026:20468-1
SUSE-SU-2026:20469-1
SUSE-SU-2026:20470-1
SUSE-SU-2026:20471-1
SUSE-SU-2026:20472-1
SUSE-SU-2026:20473-1
SUSE-SU-2026:20496-1
SUSE-SU-2026:20499-1
SUSE-SU-2026:20500-1
SUSE-SU-2026:20501-1
SUSE-SU-2026:20502-1
SUSE-SU-2026:20503-1
SUSE-SU-2026:20504-1
SUSE-SU-2026:20505-1
SUSE-SU-2026:20506-1
SUSE-SU-2026:20507-1
SUSE-SU-2026:20508-1
SUSE-SU-2026:20511-1
SUSE-SU-2026:20512-1
SUSE-SU-2026:20513-1
SUSE-SU-2026:20514-1
SUSE-SU-2026:20515-1
SUSE-SU-2026:20516-1
SUSE-SU-2026:20517-1
SUSE-SU-2026:20518-1
SUSE-SU-2026:20541-1
SUSE-SU-2026:20558-1
SUSE-SU-2026:20606-1
SUSE-SU-2026:20635-1
SUSE-SU-2026:20644-1
SUSE-SU-2026:20645-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8048-1

Affected Products

Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Ubuntu