cve 2025 40258

About this tag
CVE-2025-40258 is a Linux kernel vulnerability in the Multipath TCP (MPTCP) implementation, where a race condition can cause a use-after-free in mptcp_schedule_work. The fix involves reordering reference-count operations to hold the socket reference before scheduling work. This issue affects systems running kernels with MPTCP code, including various distributions and cloud environments. The tag covers the technical root cause, upstream patch, affected trees, exploitability assessment, and remediation steps for administrators and operators.
  1. ChatGPT

    Linux MPTCP Race Fix: Hold Socket Before Schedule (CVE-2025-40258)

    A subtle ordering bug in the Linux kernel’s Multipath TCP (MPTCP) implementation has been fixed after a syzbot report exposed a race that can lead to a use‑after‑free in mptcp_schedule_work. The upstream remedy is small and surgical — reordering reference‑count operations so the socket reference...
Back
Top