PT-2025-49088 · Linux+4 · Linux Kernel+4

Published

2025-11-13

·

Updated

2026-05-07

·

CVE-2025-40258

CVSS v2.0

7.7

High

VectorAV:A/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contained a race condition within the mptcp schedule work() function. Specifically, a use-after-free issue was identified where mptcp worker() could execute before a reference count was established in mptcp schedule work(). This occurred because the function scheduled a work item and then attempted to obtain a reference count on the socket structure (sk->sk refcnt) if the work was scheduled. However, mptcp worker() could run immediately and complete before the reference count was acquired. The fix involves moving the sock hold(sk) call before the schedule work() call to ensure the reference count is obtained before the work is scheduled.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Time Of Check To Time Of Use

Weakness Enumeration

CWE-367

Related Identifiers

ALSA-2026:1143
ALSA-2026:1661
ALSA-2026:1662
ALSA-2026:1690
AZL-71380
BDU:2025-15941
CVE-2025-40258
DLA-4404-1
ECHO-1E0D-47A5-5A46
MGASA-2026-0017
MGASA-2026-0018
OPENSUSE-SU-2026:20145-1
RHSA-2026:1143
RHSA-2026:1194
RHSA-2026:1444
RHSA-2026:1494
RHSA-2026:1495
RHSA-2026:1661
RHSA-2026:1662
RHSA-2026:1690
RHSA-2026:1727
RHSA-2026:2490
RHSA-2026:2535
RHSA-2026:2560
RHSA-2026:2583
SUSE-SU-2026:0263-1
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:0317-1
SUSE-SU-2026:0411-1
SUSE-SU-2026:0617-1
SUSE-SU-2026:0939-1
SUSE-SU-2026:0940-1
SUSE-SU-2026:0941-1
SUSE-SU-2026:0943-1
SUSE-SU-2026:0944-1
SUSE-SU-2026:0946-1
SUSE-SU-2026:0951-1
SUSE-SU-2026:0983-1
SUSE-SU-2026:0985-1
SUSE-SU-2026:0992-1
SUSE-SU-2026:0997-1
SUSE-SU-2026:1000-1
SUSE-SU-2026:1002-1
SUSE-SU-2026:1039-1
SUSE-SU-2026:1046-1
SUSE-SU-2026:1048-1
SUSE-SU-2026:1049-1
SUSE-SU-2026:1073-1
SUSE-SU-2026:1083-1
SUSE-SU-2026:1089-1
SUSE-SU-2026:1096-1
SUSE-SU-2026:1099-1
SUSE-SU-2026:1100-1
SUSE-SU-2026:1101-1
SUSE-SU-2026:1125-1
SUSE-SU-2026:1132-1
SUSE-SU-2026:1136-1
SUSE-SU-2026:20207-1
SUSE-SU-2026:20220-1
SUSE-SU-2026:20228-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20828-1
SUSE-SU-2026:20829-1
SUSE-SU-2026:20831-1
SUSE-SU-2026:20832-1
SUSE-SU-2026:20837-1
SUSE-SU-2026:20840-1
SUSE-SU-2026:20841-1
SUSE-SU-2026:20842-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20847-1
SUSE-SU-2026:20848-1
SUSE-SU-2026:20849-1
SUSE-SU-2026:20850-1
SUSE-SU-2026:20851-1
SUSE-SU-2026:20852-1
SUSE-SU-2026:20853-1
SUSE-SU-2026:20854-1
SUSE-SU-2026:20855-1
SUSE-SU-2026:20856-1
SUSE-SU-2026:20857-1
SUSE-SU-2026:20858-1
SUSE-SU-2026:20859-1
SUSE-SU-2026:20860-1
SUSE-SU-2026:20861-1
SUSE-SU-2026:20862-1
SUSE-SU-2026:20863-1
SUSE-SU-2026:20864-1
SUSE-SU-2026:20865-1
SUSE-SU-2026:20866-1
SUSE-SU-2026:20876-1
SUSE-SU-2026:20880-1
SUSE-SU-2026:20881-1
SUSE-SU-2026:20882-1
SUSE-SU-2026:20883-1
SUSE-SU-2026:20884-1
SUSE-SU-2026:20885-1
SUSE-SU-2026:20886-1
SUSE-SU-2026:20887-1
SUSE-SU-2026:20888-1
SUSE-SU-2026:20889-1
SUSE-SU-2026:20891-1
SUSE-SU-2026:20892-1
SUSE-SU-2026:20893-1
SUSE-SU-2026:20894-1
SUSE-SU-2026:20895-1
SUSE-SU-2026:20896-1
SUSE-SU-2026:20897-1
SUSE-SU-2026:20898-1
SUSE-SU-2026:20899-1
SUSE-SU-2026:20900-1
SUSE-SU-2026:20944-1
SUSE-SU-2026:20945-1
SUSE-SU-2026:20946-1
SUSE-SU-2026:20947-1
USN-8094-1
USN-8094-2
USN-8094-3
USN-8094-4
USN-8094-5
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8096-1
USN-8096-2
USN-8096-3
USN-8096-4
USN-8096-5
USN-8100-1
USN-8116-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8152-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Rocky Linux
Ubuntu