CVE-2025-40176

Async decryption calls tlsstrpmsg_hold to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate that clone, proceeding with async decryption can lead to various issues (UAF on the skb, writing into userspace memory after the recv() call has returned).

In this case, wait for all pending decryption requests.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40176.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

84c61fe1a75b4255df1e1e7c054c9e6d048da417

Fixed

9f83fd0c179e0f458e824e417f9d5ad53443f685

Fixed

c61d4368197d65c4809d9271f3b85325a600586a

Fixed

39dec4ea3daf77f684308576baf483b55ca7f160

Fixed

4fc109d0ab196bd943b7451276690fb6bb48c2e0

Fixed

b8a6ff84abbcbbc445463de58704686011edc8e1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40176.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0

Fixed

6.1.158

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.114

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.55

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.17.5

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40176.json"