CVE-2025-40158

Опубликовано: 12 нояб. 2025

Источник: redhat

CVSS3: 7

Описание

In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2().

A use-after-free flaw was found in ip6_finish_output2 in net/ipv6/ip6_output.c in ipv6 access. This flaw could allow an attacker to crash the system at device disconnect. This vulnerability could even lead to a kernel information leak problem.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel-rt	Affected
Red Hat Enterprise Linux 10	kernel	Fixed	RHSA-2026:1690	02.02.2026
Red Hat Enterprise Linux 8	kernel-rt	Fixed	RHSA-2026:2378	10.02.2026
Red Hat Enterprise Linux 8	kernel	Fixed	RHSA-2026:2264	09.02.2026
Red Hat Enterprise Linux 9	kernel	Fixed	RHSA-2026:2212	09.02.2026
Red Hat Enterprise Linux 9	kernel	Fixed	RHSA-2026:2212	09.02.2026