Home Embedded Vulns General Vulns

CVE-2025-40168

Our Analysis: Embedded

Our model has classified this vulnerability as relevant to Embedded Systems, helping your team prioritize efforts effectively.

Published Date November 12, 2025
Last Modified November 12, 2025
CVSS Vector Not Available

Description

In the Linux kernel, the following vulnerability has been resolved:

smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().

smc_clc_prfx_match() is called from smc_listen_work() and
not under RCU nor RTNL.

Using sk_dst_get(sk)->dev could trigger UAF.

Let's use __sk_dst_get() and dst_dev_rcu().

Note that the returned value of smc_clc_prfx_match() is not
used in the caller.