CVE-2025-40135

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-40135
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40135.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-40135
Downstream
Related
Published
2025-11-12T10:23:23.051Z
Modified
2026-03-31T17:29:33.102490Z
Summary
ipv6: use RCU in ip6_xmit()
Details

In the Linux kernel, the following vulnerability has been resolved:

ipv6: use RCU in ip6_xmit()

Use RCU in ip6xmit() in order to use dstdev_rcu() to prevent possible UAF.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40135.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36
Fixed
f0a54d00d2f36de40266f47c27989853e8588656
Fixed
f69fec6287565fdeb61f65e700a1184352306943
Fixed
bd0905e2122e3680968cd0741966983490bf2ed3
Fixed
f7f9e924f23684b4b23cd9f976cceab24a968e34
Fixed
9085e56501d93af9f2d7bd16f7fcfacdde47b99c

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40135.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.13.0
Fixed
6.1.167
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.130
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.78
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.17.3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40135.json"