PT-2025-51573 · Linux+2 · Linux Kernel+2

Published

2025-10-17

Updated

2026-02-24

CVE-2025-40357

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the SMC (Stream Management Control) subsystem that can lead to a general protection fault. Specifically, a crash can occur in the smc diag dump function due to a wild-memory-access, potentially triggered by visiting an incorrect clcsock during hash table traversal. The issue arises when the clcsock is unexpectedly changed in inet init csk locks(). The fix involves removing the INET PROTOSW ICSK flag for SMC and reverting a previous commit to prevent casting smc sock to inet connection sock. The issue was identified through syzbot testing.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

BDU:2026-03003

CVE-2025-40357

OPENSUSE-SU-2026:20145-1

SUSE-SU-2026:0278-1

SUSE-SU-2026:0281-1

SUSE-SU-2026:0315-1

SUSE-SU-2026:20207-1

SUSE-SU-2026:20220-1

SUSE-SU-2026:20228-1

USN-8029-1

USN-8029-2

USN-8029-3

USN-8030-1

USN-8048-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

PT-2025-51573 · Linux+2 · Linux Kernel+2

CVE-2025-40357

Weakness Enumeration

Related Identifiers

Affected Products

References · 1352