CVE-2025-40170

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-40170
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40170.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-40170
Downstream
Related
Published
2025-11-12T10:46:52.014Z
Modified
2026-03-28T17:44:45.698233488Z
Summary
net: use dst_dev_rcu() in sk_setup_caps()
Details

In the Linux kernel, the following vulnerability has been resolved:

net: use dstdevrcu() in sksetupcaps()

Use RCU to protect accesses to dst->dev from sksetupcaps() and skdstgsomaxsize().

Also use dstdevrcu() in ip6dstmtumaybeforward(), and ipdstmtumaybeforward().

ip4dsthoplimit() can use dstdevnet_rcu().

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40170.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4a6ce2b6f2ecabbddcfe47e7cf61dd0f00b10e36
Fixed
5d1be493d1110c9e720b4c51a6e587bb2fb4ac12
Fixed
a805729c0091073d8f0415cfa96c7acd1bc17a48
Fixed
99a2ace61b211b0be861b07fbaa062fca4b58879

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40170.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.13.0
Fixed
6.12.64
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.17.3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40170.json"