CVE-2025-40215

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to the handling of ipcomp fallback tunnels and xfrm states. Specifically, the issue arises when deleting xfrm states, where the fallback state might not be deleted promptly if references to the user state still exist. This can lead to warnings within the xfrm state fini function and incomplete fixes related to asynchronous destruction of xfrm states during network exit. The problem is similar to a previously addressed issue in TCP related to deferred freeing of skbs and can also occur due to IP reassembly, where skbs with a security path remain on the reassembly queue. The fix involves deleting the fallback state immediately after the last user state depending on it has been deleted, ensuring timely deletion when the final reference is dropped. A separate lockdep class is required due to locking x->tunnel while x is locked.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.