{ "threat_severity" : "Moderate", "public_date" : "2025-11-12T00:00:00Z", "bugzilla" : { "description" : "kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match()", "id" : "2414482", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2414482" }, "cvss3" : { "cvss3_base_score" : "7.0", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-416", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nsmc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().\nsmc_clc_prfx_match() is called from smc_listen_work() and\nnot under RCU nor RTNL.\nUsing sk_dst_get(sk)->dev could trigger UAF.\nLet's use __sk_dst_get() and dst_dev_rcu().\nNote that the returned value of smc_clc_prfx_match() is not\nused in the caller.", "A flaw was found in the Linux kernel’s SMC (Shared Memory Communication) module: in smc_clc_prfx_match(), the function is called from smc_listen_work() without proper RCU or RTNL protection. The code previously used sk_dst_get(sk)->dev, which can lead to a use-after-free (UAF) condition if the sk’s destination is freed concurrently." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-02-25T00:00:00Z", "advisory" : "RHSA-2026:3275", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "kernel-0:6.12.0-124.39.1.el10_1" }, { "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support", "release_date" : "2026-03-09T00:00:00Z", "advisory" : "RHSA-2026:4111", "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0", "package" : "kernel-0:6.12.0-55.63.1.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-02-17T00:00:00Z", "advisory" : "RHSA-2026:2821", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-553.105.1.rt7.446.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-02-16T00:00:00Z", "advisory" : "RHSA-2026:2720", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-553.105.1.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-03-02T00:00:00Z", "advisory" : "RHSA-2026:3488", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-611.36.1.el9_7" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-03-02T00:00:00Z", "advisory" : "RHSA-2026:3488", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-611.36.1.el9_7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-40168\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40168\nhttps://lore.kernel.org/linux-cve-announce/2025111256-CVE-2025-40168-bdd5@gregkh/T" ], "name" : "CVE-2025-40168", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }