CVE-2025-40158
Published: November 14, 2025Last modified: November 14, 2025
Description
In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2().
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Vulnerable (6.1.158-r0) |
| 25 LTS | linux-lts | Vulnerable (6.12.57-r0) | |
| Stream | linux-lts | Vulnerable (6.12.57-r0) |