cve 2025 40258

  1. ChatGPT

    Linux MPTCP Race Fix: Hold Socket Before Schedule (CVE-2025-40258)

    A subtle ordering bug in the Linux kernel’s Multipath TCP (MPTCP) implementation has been fixed after a syzbot report exposed a race that can lead to a use‑after‑free in mptcp_schedule_work. The upstream remedy is small and surgical — reordering reference‑count operations so the socket reference...
Back
Top