PT-2025-49081 · Linux · Linux Kernel

Published 2025-12-04 · Updated 2026-05-07 · CVE-2025-40251

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.18.0-rc4+

Description

The devl_rate_nodes_destroy function in the Linux kernel did not correctly unset the parent pointer for rate objects, leading to a dangling pointer in the devlink_rate struct. This issue caused refcount errors in netdevsim and mlx5. The function was documented to unset the parent pointer, but only decremented the parent's refcount without setting devlink_rate->parent to NULL. This inconsistency with devlink_nl_rate_parent_node_set resulted in memory leaks. The issue was observed during device removal in netdevsim and mlx5 environments.

Recommendations

Update to Linux kernel version 6.18.0-rc4+ or later.
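
The C program below is an added illustration, not code from the kernel or from this advisory. It is a user-space model of the pattern in the description: struct rate, the two detach functions and the second teardown pass are assumptions made for the example. It shows the parent's count going negative when the pointer is left set, and staying balanced when the pointer is cleared.

```c
/* User-space model only (assumption): names and layout are illustrative. */
#include <stddef.h>

struct rate {                 /* stand-in for a devlink rate object */
    struct rate *parent;
    int refcnt;               /* number of children pointing at this node */
};

/* Attach child to parent, taking a reference on the parent. */
static void rate_set_parent(struct rate *child, struct rate *parent)
{
    child->parent = parent;
    parent->refcnt++;
}

/* Behaviour described above: reference dropped, pointer left set. */
static void detach_buggy(struct rate *child)
{
    if (child->parent)
        child->parent->refcnt--;
}

/* Corrected behaviour: drop the reference and clear the pointer. */
static void detach_fixed(struct rate *child)
{
    if (child->parent) {
        child->parent->refcnt--;
        child->parent = NULL;
    }
}

/* Run two teardown passes over one child; return the parent's final count. */
static int teardown_twice(void (*detach)(struct rate *))
{
    struct rate node = { NULL, 0 };
    struct rate leaf = { NULL, 0 };

    rate_set_parent(&leaf, &node);
    detach(&leaf);            /* first pass: unset parent for all objects */
    detach(&leaf);            /* assumed later pass that trusts leaf.parent */
    return node.refcnt;       /* 0 is balanced, negative is an underflow */
}

int main(void)
{
    return (teardown_twice(detach_fixed) == 0 &&
            teardown_twice(detach_buggy) == -1) ? 0 : 1;
}
```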

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

ALSA-2026:1617
ALSA-2026:1690
AZL-71420
AZL-78395
CVE-2025-40251
ECHO-2D2A-2C76-A14E
MGASA-2026-0017
MGASA-2026-0018
OESA-2026-1759
OESA-2026-1760
OESA-2026-1761
OPENSUSE-SU-2026:20145-1
RHSA-2026:1194
RHSA-2026:1617
RHSA-2026:1690
RHSA-2026:1727
RHSA-2026:1879
RHSA-2026:2560
RHSA-2026:2573
RHSA-2026:2577
RHSA-2026:2583
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:20207-1
SUSE-SU-2026:20220-1
SUSE-SU-2026:20228-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8094-1
USN-8094-2
USN-8094-3
USN-8094-4
USN-8094-5
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8152-1
USN-8165-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Rocky Linux
Ubuntu
Mlx5
Netdevsim