{
  "threat_severity" : "Moderate",
  "public_date" : "2025-11-12T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable()",
    "id" : "2414465",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2414465"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-825",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nmptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable().\nmptcp_active_enable() is called from subflow_finish_connect(),\nwhich is icsk->icsk_af_ops->sk_rx_dst_set() and it's not always\nunder RCU.\nUsing sk_dst_get(sk)->dev could trigger UAF.\nLet's use __sk_dst_get() and dst_dev_rcu().", "A use-after-free flaw was found in Multipath TCP in the Linux kernel in net/mptcp/ctrl.c:mptcp_active_enablecode due to concurrency problem. This flaw could allow an attacker to crash the system at device disconnect. This vulnerability could even lead to a kernel information leak problem." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-02-09T00:00:00Z",
    "advisory" : "RHSA-2026:2282",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "kernel-0:6.12.0-124.35.1.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-02-02T00:00:00Z",
    "advisory" : "RHSA-2026:1727",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "kernel-0:6.12.0-55.58.1.el10_0"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-40133\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40133\nhttps://lore.kernel.org/linux-cve-announce/2025111254-CVE-2025-40133-4d9d@gregkh/T" ],
  "name" : "CVE-2025-40133",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}