cvelistv5 - cve-2025-40064

CVE-2025-40064 (GCVE-0-2025-40064)

Vulnerability from cvelistv5

Published

2025-10-28 11:48

Modified

2025-10-28 11:48

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in __pnet_find_base_ndev(). syzbot reported use-after-free of net_device in __pnet_find_base_ndev(), which was called during connect(). [0] smc_pnet_find_ism_resource() fetches sk_dst_get(sk)->dev and passes down to pnet_find_base_ndev(), where RTNL is held. Then, UAF happened at __pnet_find_base_ndev() when the dev is first used. This means dev had already been freed before acquiring RTNL in pnet_find_base_ndev(). While dev is going away, dst->dev could be swapped with blackhole_netdev, and the dev's refcnt by dst will be released. We must hold dev's refcnt before calling smc_pnet_find_ism_resource(). Also, smc_pnet_find_roce_resource() has the same problem. Let's use __sk_dst_get() and dst_dev_rcu() in the two functions. [0]: BUG: KASAN: use-after-free in __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926 Read of size 1 at addr ffff888036bac33a by task syz.0.3632/18609 CPU: 1 UID: 0 PID: 18609 Comm: syz.0.3632 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 Call Trace: <TASK> dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xca/0x240 mm/kasan/report.c:482 kasan_report+0x118/0x150 mm/kasan/report.c:595 __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926 pnet_find_base_ndev net/smc/smc_pnet.c:946 [inline] smc_pnet_find_ism_by_pnetid net/smc/smc_pnet.c:1103 [inline] smc_pnet_find_ism_resource+0xef/0x390 net/smc/smc_pnet.c:1154 smc_find_ism_device net/smc/af_smc.c:1030 [inline] smc_find_proposal_devices net/smc/af_smc.c:1115 [inline] __smc_connect+0x372/0x1890 net/smc/af_smc.c:1545 smc_connect+0x877/0xd90 net/smc/af_smc.c:1715 __sys_connect_file net/socket.c:2086 [inline] __sys_connect+0x313/0x440 net/socket.c:2105 __do_sys_connect net/socket.c:2111 [inline] __se_sys_connect net/socket.c:2108 [inline] __x64_sys_connect+0x7a/0x90 net/socket.c:2108 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f47cbf8eba9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f47ccdb1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a RAX: ffffffffffffffda RBX: 00007f47cc1d5fa0 RCX: 00007f47cbf8eba9 RDX: 0000000000000010 RSI: 0000200000000280 RDI: 000000000000000b RBP: 00007f47cc011e19 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f47cc1d6038 R14: 00007f47cc1d5fa0 R15: 00007ffc512f8aa8 </TASK> The buggy address belongs to the physical page: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888036bacd00 pfn:0x36bac flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 ffffea0001243d08 ffff8880b863fdc0 0000000000000000 raw: ffff888036bacd00 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as freed page last allocated via order 2, migratetype Unmovable, gfp_mask 0x446dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP), pid 16741, tgid 16741 (syz-executor), ts 343313197788, free_ts 380670750466 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x240/0x2a0 mm/page_alloc.c:1851 prep_new_page mm/page_alloc.c:1859 [inline] get_page_from_freelist+0x21e4/0x22c0 mm/page_alloc.c:3858 __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5148 alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2416 ___kmalloc_large_node+0x5f/0x1b0 mm/slub.c:4317 __kmalloc_large_node_noprof+0x18/0x90 mm/slub.c:4348 __do_kmalloc_node mm/slub.c:4364 [inline] __kvmalloc_node ---truncated---

References

URL

Tags

	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/233927b645cb7a14bb98d23ac72e4c7243a9f0d9
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/3d3466878afd8d43ec0ca2facfbc7f03e40d0f79

Impacted products

Vendor

Product

Version

Linux

Version: 0afff91c6f5ecef27715ea71e34dc2baacba1060
Version: 0afff91c6f5ecef27715ea71e34dc2baacba1060

Linux

Version: 4.19

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/smc/smc_pnet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "233927b645cb7a14bb98d23ac72e4c7243a9f0d9",
              "status": "affected",
              "version": "0afff91c6f5ecef27715ea71e34dc2baacba1060",
              "versionType": "git"
            },
            {
              "lessThan": "3d3466878afd8d43ec0ca2facfbc7f03e40d0f79",
              "status": "affected",
              "version": "0afff91c6f5ecef27715ea71e34dc2baacba1060",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/smc/smc_pnet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "lessThan": "4.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.3",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18-rc1",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in __pnet_find_base_ndev().\n\nsyzbot reported use-after-free of net_device in __pnet_find_base_ndev(),\nwhich was called during connect(). [0]\n\nsmc_pnet_find_ism_resource() fetches sk_dst_get(sk)-\u003edev and passes\ndown to pnet_find_base_ndev(), where RTNL is held.  Then, UAF happened\nat __pnet_find_base_ndev() when the dev is first used.\n\nThis means dev had already been freed before acquiring RTNL in\npnet_find_base_ndev().\n\nWhile dev is going away, dst-\u003edev could be swapped with blackhole_netdev,\nand the dev\u0027s refcnt by dst will be released.\n\nWe must hold dev\u0027s refcnt before calling smc_pnet_find_ism_resource().\n\nAlso, smc_pnet_find_roce_resource() has the same problem.\n\nLet\u0027s use __sk_dst_get() and dst_dev_rcu() in the two functions.\n\n[0]:\nBUG: KASAN: use-after-free in __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926\nRead of size 1 at addr ffff888036bac33a by task syz.0.3632/18609\n\nCPU: 1 UID: 0 PID: 18609 Comm: syz.0.3632 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926\n pnet_find_base_ndev net/smc/smc_pnet.c:946 [inline]\n smc_pnet_find_ism_by_pnetid net/smc/smc_pnet.c:1103 [inline]\n smc_pnet_find_ism_resource+0xef/0x390 net/smc/smc_pnet.c:1154\n smc_find_ism_device net/smc/af_smc.c:1030 [inline]\n smc_find_proposal_devices net/smc/af_smc.c:1115 [inline]\n __smc_connect+0x372/0x1890 net/smc/af_smc.c:1545\n smc_connect+0x877/0xd90 net/smc/af_smc.c:1715\n __sys_connect_file net/socket.c:2086 [inline]\n __sys_connect+0x313/0x440 net/socket.c:2105\n __do_sys_connect net/socket.c:2111 [inline]\n __se_sys_connect net/socket.c:2108 [inline]\n __x64_sys_connect+0x7a/0x90 net/socket.c:2108\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f47cbf8eba9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f47ccdb1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 00007f47cc1d5fa0 RCX: 00007f47cbf8eba9\nRDX: 0000000000000010 RSI: 0000200000000280 RDI: 000000000000000b\nRBP: 00007f47cc011e19 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007f47cc1d6038 R14: 00007f47cc1d5fa0 R15: 00007ffc512f8aa8\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888036bacd00 pfn:0x36bac\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000000000 ffffea0001243d08 ffff8880b863fdc0 0000000000000000\nraw: ffff888036bacd00 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 2, migratetype Unmovable, gfp_mask 0x446dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP), pid 16741, tgid 16741 (syz-executor), ts 343313197788, free_ts 380670750466\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x240/0x2a0 mm/page_alloc.c:1851\n prep_new_page mm/page_alloc.c:1859 [inline]\n get_page_from_freelist+0x21e4/0x22c0 mm/page_alloc.c:3858\n __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5148\n alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2416\n ___kmalloc_large_node+0x5f/0x1b0 mm/slub.c:4317\n __kmalloc_large_node_noprof+0x18/0x90 mm/slub.c:4348\n __do_kmalloc_node mm/slub.c:4364 [inline]\n __kvmalloc_node\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-28T11:48:35.155Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/233927b645cb7a14bb98d23ac72e4c7243a9f0d9"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d3466878afd8d43ec0ca2facfbc7f03e40d0f79"
        }
      ],
      "title": "smc: Fix use-after-free in __pnet_find_base_ndev().",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40064",
    "datePublished": "2025-10-28T11:48:35.155Z",
    "dateReserved": "2025-04-16T07:20:57.159Z",
    "dateUpdated": "2025-10-28T11:48:35.155Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-40064\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-10-28T12:15:40.840\",\"lastModified\":\"2025-10-30T15:05:32.197\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nsmc: Fix use-after-free in __pnet_find_base_ndev().\\n\\nsyzbot reported use-after-free of net_device in __pnet_find_base_ndev(),\\nwhich was called during connect(). [0]\\n\\nsmc_pnet_find_ism_resource() fetches sk_dst_get(sk)-\u003edev and passes\\ndown to pnet_find_base_ndev(), where RTNL is held.  Then, UAF happened\\nat __pnet_find_base_ndev() when the dev is first used.\\n\\nThis means dev had already been freed before acquiring RTNL in\\npnet_find_base_ndev().\\n\\nWhile dev is going away, dst-\u003edev could be swapped with blackhole_netdev,\\nand the dev\u0027s refcnt by dst will be released.\\n\\nWe must hold dev\u0027s refcnt before calling smc_pnet_find_ism_resource().\\n\\nAlso, smc_pnet_find_roce_resource() has the same problem.\\n\\nLet\u0027s use __sk_dst_get() and dst_dev_rcu() in the two functions.\\n\\n[0]:\\nBUG: KASAN: use-after-free in __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926\\nRead of size 1 at addr ffff888036bac33a by task syz.0.3632/18609\\n\\nCPU: 1 UID: 0 PID: 18609 Comm: syz.0.3632 Not tainted syzkaller #0 PREEMPT(full)\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\\nCall Trace:\\n \u003cTASK\u003e\\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\\n print_address_description mm/kasan/report.c:378 [inline]\\n print_report+0xca/0x240 mm/kasan/report.c:482\\n kasan_report+0x118/0x150 mm/kasan/report.c:595\\n __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926\\n pnet_find_base_ndev net/smc/smc_pnet.c:946 [inline]\\n smc_pnet_find_ism_by_pnetid net/smc/smc_pnet.c:1103 [inline]\\n smc_pnet_find_ism_resource+0xef/0x390 net/smc/smc_pnet.c:1154\\n smc_find_ism_device net/smc/af_smc.c:1030 [inline]\\n smc_find_proposal_devices net/smc/af_smc.c:1115 [inline]\\n __smc_connect+0x372/0x1890 net/smc/af_smc.c:1545\\n smc_connect+0x877/0xd90 net/smc/af_smc.c:1715\\n __sys_connect_file net/socket.c:2086 [inline]\\n __sys_connect+0x313/0x440 net/socket.c:2105\\n __do_sys_connect net/socket.c:2111 [inline]\\n __se_sys_connect net/socket.c:2108 [inline]\\n __x64_sys_connect+0x7a/0x90 net/socket.c:2108\\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\\nRIP: 0033:0x7f47cbf8eba9\\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\\nRSP: 002b:00007f47ccdb1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\\nRAX: ffffffffffffffda RBX: 00007f47cc1d5fa0 RCX: 00007f47cbf8eba9\\nRDX: 0000000000000010 RSI: 0000200000000280 RDI: 000000000000000b\\nRBP: 00007f47cc011e19 R08: 0000000000000000 R09: 0000000000000000\\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\\nR13: 00007f47cc1d6038 R14: 00007f47cc1d5fa0 R15: 00007ffc512f8aa8\\n \u003c/TASK\u003e\\n\\nThe buggy address belongs to the physical page:\\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888036bacd00 pfn:0x36bac\\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\\nraw: 00fff00000000000 ffffea0001243d08 ffff8880b863fdc0 0000000000000000\\nraw: ffff888036bacd00 0000000000000000 00000000ffffffff 0000000000000000\\npage dumped because: kasan: bad access detected\\npage_owner tracks the page as freed\\npage last allocated via order 2, migratetype Unmovable, gfp_mask 0x446dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP), pid 16741, tgid 16741 (syz-executor), ts 343313197788, free_ts 380670750466\\n set_page_owner include/linux/page_owner.h:32 [inline]\\n post_alloc_hook+0x240/0x2a0 mm/page_alloc.c:1851\\n prep_new_page mm/page_alloc.c:1859 [inline]\\n get_page_from_freelist+0x21e4/0x22c0 mm/page_alloc.c:3858\\n __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5148\\n alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2416\\n ___kmalloc_large_node+0x5f/0x1b0 mm/slub.c:4317\\n __kmalloc_large_node_noprof+0x18/0x90 mm/slub.c:4348\\n __do_kmalloc_node mm/slub.c:4364 [inline]\\n __kvmalloc_node\\n---truncated---\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/233927b645cb7a14bb98d23ac72e4c7243a9f0d9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3d3466878afd8d43ec0ca2facfbc7f03e40d0f79\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

msrc_cve-2025-40064

Vulnerability from csaf_microsoft

Published

2025-10-02 00:00

Modified

2025-10-29 01:03

Summary

smc: Fix use-after-free in __pnet_find_base_ndev().

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2025-40064 smc: Fix use-after-free in __pnet_find_base_ndev(). - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-40064.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "smc: Fix use-after-free in __pnet_find_base_ndev().",
    "tracking": {
      "current_release_date": "2025-10-29T01:03:48.000Z",
      "generator": {
        "date": "2025-10-29T21:50:50.904Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2025-40064",
      "initial_release_date": "2025-10-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-10-29T01:03:48.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "azl3 kernel 6.6.104.2-4",
                "product": {
                  "name": "azl3 kernel 6.6.104.2-4",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "kernel"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 kernel 6.6.104.2-4 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-40064",
      "notes": [
        {
          "category": "general",
          "text": "Linux",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "known_affected": [
          "17084-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-40064 smc: Fix use-after-free in __pnet_find_base_ndev(). - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-40064.json"
        }
      ],
      "remediations": [
        {
          "category": "none_available",
          "date": "2025-10-29T01:03:48.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-1"
          ]
        }
      ],
      "title": "smc: Fix use-after-free in __pnet_find_base_ndev()."
    }
  ]
}

CERTFR-2025-AVI-0941

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	N/A	azl3 kata-containers-cc 3.15.0.aks0-5
Microsoft	N/A	cbl2 binutils 2.37-17
Microsoft	N/A	cbl2 coredns 1.11.1-22 versions antérieures à 1.11.1-24
Microsoft	N/A	cbl2 bind 9.16.50-2
Microsoft	N/A	azl3 kernel 6.6.104.2-4
Microsoft	N/A	azl3 bind 9.20.11-1
Microsoft	N/A	azl3 coredns 1.11.4-10
Microsoft	N/A	azl3 binutils 2.41-9

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2025-40079	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40030	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40040	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40043	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-8677	2025-10-25	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40053	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40051	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40026	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40044	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40052	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40780	2025-10-25	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-59530	2025-10-25	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40021	2025-10-26	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40080	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40077	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40068	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40057	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40039	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-11840	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40042	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40049	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-11839	2025-10-25	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40081	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40035	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40056	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40064	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40071	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40061	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40033	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40778	2025-10-25	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40025	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40074	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40055	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40019	2025-10-25	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40027	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40024	2025-10-26	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40029	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40065	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40020	2025-10-26	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-62518	2025-10-25	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40075	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40060	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40018	2025-10-25	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40032	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40038	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40078	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40036	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40048	2025-10-29	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "azl3 kata-containers-cc 3.15.0.aks0-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 binutils 2.37-17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 coredns 1.11.1-22 versions ant\u00e9rieures \u00e0 1.11.1-24",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 bind 9.16.50-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kernel 6.6.104.2-4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 bind 9.20.11-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 coredns 1.11.4-10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 binutils 2.41-9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-40064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40064"
    },
    {
      "name": "CVE-2025-40057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40057"
    },
    {
      "name": "CVE-2025-40055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40055"
    },
    {
      "name": "CVE-2025-40029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40029"
    },
    {
      "name": "CVE-2025-40048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40048"
    },
    {
      "name": "CVE-2025-62518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62518"
    },
    {
      "name": "CVE-2025-40043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40043"
    },
    {
      "name": "CVE-2025-11840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11840"
    },
    {
      "name": "CVE-2025-40780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40780"
    },
    {
      "name": "CVE-2025-40019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40019"
    },
    {
      "name": "CVE-2025-40039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40039"
    },
    {
      "name": "CVE-2025-40081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40081"
    },
    {
      "name": "CVE-2025-40026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
    },
    {
      "name": "CVE-2025-40056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40056"
    },
    {
      "name": "CVE-2025-40052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40052"
    },
    {
      "name": "CVE-2025-40035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40035"
    },
    {
      "name": "CVE-2025-40020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40020"
    },
    {
      "name": "CVE-2025-40049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40049"
    },
    {
      "name": "CVE-2025-40024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40024"
    },
    {
      "name": "CVE-2025-40033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40033"
    },
    {
      "name": "CVE-2025-40075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40075"
    },
    {
      "name": "CVE-2025-40027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
    },
    {
      "name": "CVE-2025-40032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40032"
    },
    {
      "name": "CVE-2025-40038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40038"
    },
    {
      "name": "CVE-2025-40778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
    },
    {
      "name": "CVE-2025-40078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40078"
    },
    {
      "name": "CVE-2025-40074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40074"
    },
    {
      "name": "CVE-2025-40053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40053"
    },
    {
      "name": "CVE-2025-40040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40040"
    },
    {
      "name": "CVE-2025-40021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40021"
    },
    {
      "name": "CVE-2025-40044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40044"
    },
    {
      "name": "CVE-2025-40079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40079"
    },
    {
      "name": "CVE-2025-59530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59530"
    },
    {
      "name": "CVE-2025-40018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40018"
    },
    {
      "name": "CVE-2025-40077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40077"
    },
    {
      "name": "CVE-2025-40071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40071"
    },
    {
      "name": "CVE-2025-40080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40080"
    },
    {
      "name": "CVE-2025-40068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40068"
    },
    {
      "name": "CVE-2025-40042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40042"
    },
    {
      "name": "CVE-2025-8677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8677"
    },
    {
      "name": "CVE-2025-40060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40060"
    },
    {
      "name": "CVE-2025-40025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40025"
    },
    {
      "name": "CVE-2025-11839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11839"
    },
    {
      "name": "CVE-2025-40065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40065"
    },
    {
      "name": "CVE-2025-40036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40036"
    },
    {
      "name": "CVE-2025-40030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40030"
    },
    {
      "name": "CVE-2025-40061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40061"
    },
    {
      "name": "CVE-2025-40051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40051"
    }
  ],
  "initial_release_date": "2025-10-30T00:00:00",
  "last_revision_date": "2025-10-30T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0941",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40079",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40079"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40030",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40030"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40040",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40040"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40043",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40043"
    },
    {
      "published_at": "2025-10-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-8677",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8677"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40053",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40053"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40051",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40051"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40026",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40026"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40044",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40044"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40052",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40052"
    },
    {
      "published_at": "2025-10-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40780",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40780"
    },
    {
      "published_at": "2025-10-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-59530",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59530"
    },
    {
      "published_at": "2025-10-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40021"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40080",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40080"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40077",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40077"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40068",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40068"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40057",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40057"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40039",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40039"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11840",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11840"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40042",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40042"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40049",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40049"
    },
    {
      "published_at": "2025-10-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11839",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11839"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40081",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40081"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40035",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40035"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40056",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40056"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40064",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40064"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40071",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40071"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40061",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40061"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40033",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40033"
    },
    {
      "published_at": "2025-10-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40778",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40778"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40025",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40025"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40074",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40074"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40055",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40055"
    },
    {
      "published_at": "2025-10-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40019",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40019"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40027",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40027"
    },
    {
      "published_at": "2025-10-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40024"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40029",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40029"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40065",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40065"
    },
    {
      "published_at": "2025-10-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40020",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40020"
    },
    {
      "published_at": "2025-10-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62518",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62518"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40075",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40075"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40060",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40060"
    },
    {
      "published_at": "2025-10-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40018",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40018"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40032",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40032"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40038",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40038"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40078",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40078"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40036",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40036"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40048",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40048"
    }
  ]
}

ghsa-c442-5cxr-p4xq

Vulnerability from github

Published

2025-10-28 12:30

Modified

2025-10-28 12:30

Details

In the Linux kernel, the following vulnerability has been resolved:

smc: Fix use-after-free in __pnet_find_base_ndev().

syzbot reported use-after-free of net_device in __pnet_find_base_ndev(), which was called during connect(). [0]

smc_pnet_find_ism_resource() fetches sk_dst_get(sk)->dev and passes down to pnet_find_base_ndev(), where RTNL is held. Then, UAF happened at __pnet_find_base_ndev() when the dev is first used.

This means dev had already been freed before acquiring RTNL in pnet_find_base_ndev().

While dev is going away, dst->dev could be swapped with blackhole_netdev, and the dev's refcnt by dst will be released.

We must hold dev's refcnt before calling smc_pnet_find_ism_resource().

Also, smc_pnet_find_roce_resource() has the same problem.

Let's use __sk_dst_get() and dst_dev_rcu() in the two functions.

[0]: BUG: KASAN: use-after-free in __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926 Read of size 1 at addr ffff888036bac33a by task syz.0.3632/18609

CPU: 1 UID: 0 PID: 18609 Comm: syz.0.3632 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 Call Trace: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xca/0x240 mm/kasan/report.c:482 kasan_report+0x118/0x150 mm/kasan/report.c:595 __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926 pnet_find_base_ndev net/smc/smc_pnet.c:946 [inline] smc_pnet_find_ism_by_pnetid net/smc/smc_pnet.c:1103 [inline] smc_pnet_find_ism_resource+0xef/0x390 net/smc/smc_pnet.c:1154 smc_find_ism_device net/smc/af_smc.c:1030 [inline] smc_find_proposal_devices net/smc/af_smc.c:1115 [inline] __smc_connect+0x372/0x1890 net/smc/af_smc.c:1545 smc_connect+0x877/0xd90 net/smc/af_smc.c:1715 __sys_connect_file net/socket.c:2086 [inline] __sys_connect+0x313/0x440 net/socket.c:2105 __do_sys_connect net/socket.c:2111 [inline] __se_sys_connect net/socket.c:2108 [inline] __x64_sys_connect+0x7a/0x90 net/socket.c:2108 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f47cbf8eba9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f47ccdb1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a RAX: ffffffffffffffda RBX: 00007f47cc1d5fa0 RCX: 00007f47cbf8eba9 RDX: 0000000000000010 RSI: 0000200000000280 RDI: 000000000000000b RBP: 00007f47cc011e19 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f47cc1d6038 R14: 00007f47cc1d5fa0 R15: 00007ffc512f8aa8

The buggy address belongs to the physical page: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888036bacd00 pfn:0x36bac flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 ffffea0001243d08 ffff8880b863fdc0 0000000000000000 raw: ffff888036bacd00 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as freed page last allocated via order 2, migratetype Unmovable, gfp_mask 0x446dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP), pid 16741, tgid 16741 (syz-executor), ts 343313197788, free_ts 380670750466 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x240/0x2a0 mm/page_alloc.c:1851 prep_new_page mm/page_alloc.c:1859 [inline] get_page_from_freelist+0x21e4/0x22c0 mm/page_alloc.c:3858 __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5148 alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2416 kmalloclarge_node+0x5f/0x1b0 mm/slub.c:4317 kmalloc_large_node_noprof+0x18/0x90 mm/slub.c:4348 __do_kmalloc_node mm/slub.c:4364 [inline] __kvmalloc_node ---truncated---

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-40064"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-28T12:15:40Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in __pnet_find_base_ndev().\n\nsyzbot reported use-after-free of net_device in __pnet_find_base_ndev(),\nwhich was called during connect(). [0]\n\nsmc_pnet_find_ism_resource() fetches sk_dst_get(sk)-\u003edev and passes\ndown to pnet_find_base_ndev(), where RTNL is held.  Then, UAF happened\nat __pnet_find_base_ndev() when the dev is first used.\n\nThis means dev had already been freed before acquiring RTNL in\npnet_find_base_ndev().\n\nWhile dev is going away, dst-\u003edev could be swapped with blackhole_netdev,\nand the dev\u0027s refcnt by dst will be released.\n\nWe must hold dev\u0027s refcnt before calling smc_pnet_find_ism_resource().\n\nAlso, smc_pnet_find_roce_resource() has the same problem.\n\nLet\u0027s use __sk_dst_get() and dst_dev_rcu() in the two functions.\n\n[0]:\nBUG: KASAN: use-after-free in __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926\nRead of size 1 at addr ffff888036bac33a by task syz.0.3632/18609\n\nCPU: 1 UID: 0 PID: 18609 Comm: syz.0.3632 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926\n pnet_find_base_ndev net/smc/smc_pnet.c:946 [inline]\n smc_pnet_find_ism_by_pnetid net/smc/smc_pnet.c:1103 [inline]\n smc_pnet_find_ism_resource+0xef/0x390 net/smc/smc_pnet.c:1154\n smc_find_ism_device net/smc/af_smc.c:1030 [inline]\n smc_find_proposal_devices net/smc/af_smc.c:1115 [inline]\n __smc_connect+0x372/0x1890 net/smc/af_smc.c:1545\n smc_connect+0x877/0xd90 net/smc/af_smc.c:1715\n __sys_connect_file net/socket.c:2086 [inline]\n __sys_connect+0x313/0x440 net/socket.c:2105\n __do_sys_connect net/socket.c:2111 [inline]\n __se_sys_connect net/socket.c:2108 [inline]\n __x64_sys_connect+0x7a/0x90 net/socket.c:2108\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f47cbf8eba9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f47ccdb1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 00007f47cc1d5fa0 RCX: 00007f47cbf8eba9\nRDX: 0000000000000010 RSI: 0000200000000280 RDI: 000000000000000b\nRBP: 00007f47cc011e19 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007f47cc1d6038 R14: 00007f47cc1d5fa0 R15: 00007ffc512f8aa8\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888036bacd00 pfn:0x36bac\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000000000 ffffea0001243d08 ffff8880b863fdc0 0000000000000000\nraw: ffff888036bacd00 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 2, migratetype Unmovable, gfp_mask 0x446dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP), pid 16741, tgid 16741 (syz-executor), ts 343313197788, free_ts 380670750466\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x240/0x2a0 mm/page_alloc.c:1851\n prep_new_page mm/page_alloc.c:1859 [inline]\n get_page_from_freelist+0x21e4/0x22c0 mm/page_alloc.c:3858\n __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5148\n alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2416\n ___kmalloc_large_node+0x5f/0x1b0 mm/slub.c:4317\n __kmalloc_large_node_noprof+0x18/0x90 mm/slub.c:4348\n __do_kmalloc_node mm/slub.c:4364 [inline]\n __kvmalloc_node\n---truncated---",
  "id": "GHSA-c442-5cxr-p4xq",
  "modified": "2025-10-28T12:30:17Z",
  "published": "2025-10-28T12:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40064"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/233927b645cb7a14bb98d23ac72e4c7243a9f0d9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3d3466878afd8d43ec0ca2facfbc7f03e40d0f79"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2025-40064

Vulnerability from fkie_nvd

Published

2025-10-28 12:15

Modified

2025-10-30 15:05

Severity ?

Summary

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/233927b645cb7a14bb98d23ac72e4c7243a9f0d9
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/3d3466878afd8d43ec0ca2facfbc7f03e40d0f79

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in __pnet_find_base_ndev().\n\nsyzbot reported use-after-free of net_device in __pnet_find_base_ndev(),\nwhich was called during connect(). [0]\n\nsmc_pnet_find_ism_resource() fetches sk_dst_get(sk)-\u003edev and passes\ndown to pnet_find_base_ndev(), where RTNL is held.  Then, UAF happened\nat __pnet_find_base_ndev() when the dev is first used.\n\nThis means dev had already been freed before acquiring RTNL in\npnet_find_base_ndev().\n\nWhile dev is going away, dst-\u003edev could be swapped with blackhole_netdev,\nand the dev\u0027s refcnt by dst will be released.\n\nWe must hold dev\u0027s refcnt before calling smc_pnet_find_ism_resource().\n\nAlso, smc_pnet_find_roce_resource() has the same problem.\n\nLet\u0027s use __sk_dst_get() and dst_dev_rcu() in the two functions.\n\n[0]:\nBUG: KASAN: use-after-free in __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926\nRead of size 1 at addr ffff888036bac33a by task syz.0.3632/18609\n\nCPU: 1 UID: 0 PID: 18609 Comm: syz.0.3632 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926\n pnet_find_base_ndev net/smc/smc_pnet.c:946 [inline]\n smc_pnet_find_ism_by_pnetid net/smc/smc_pnet.c:1103 [inline]\n smc_pnet_find_ism_resource+0xef/0x390 net/smc/smc_pnet.c:1154\n smc_find_ism_device net/smc/af_smc.c:1030 [inline]\n smc_find_proposal_devices net/smc/af_smc.c:1115 [inline]\n __smc_connect+0x372/0x1890 net/smc/af_smc.c:1545\n smc_connect+0x877/0xd90 net/smc/af_smc.c:1715\n __sys_connect_file net/socket.c:2086 [inline]\n __sys_connect+0x313/0x440 net/socket.c:2105\n __do_sys_connect net/socket.c:2111 [inline]\n __se_sys_connect net/socket.c:2108 [inline]\n __x64_sys_connect+0x7a/0x90 net/socket.c:2108\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f47cbf8eba9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f47ccdb1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 00007f47cc1d5fa0 RCX: 00007f47cbf8eba9\nRDX: 0000000000000010 RSI: 0000200000000280 RDI: 000000000000000b\nRBP: 00007f47cc011e19 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007f47cc1d6038 R14: 00007f47cc1d5fa0 R15: 00007ffc512f8aa8\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888036bacd00 pfn:0x36bac\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000000000 ffffea0001243d08 ffff8880b863fdc0 0000000000000000\nraw: ffff888036bacd00 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 2, migratetype Unmovable, gfp_mask 0x446dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP), pid 16741, tgid 16741 (syz-executor), ts 343313197788, free_ts 380670750466\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x240/0x2a0 mm/page_alloc.c:1851\n prep_new_page mm/page_alloc.c:1859 [inline]\n get_page_from_freelist+0x21e4/0x22c0 mm/page_alloc.c:3858\n __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5148\n alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2416\n ___kmalloc_large_node+0x5f/0x1b0 mm/slub.c:4317\n __kmalloc_large_node_noprof+0x18/0x90 mm/slub.c:4348\n __do_kmalloc_node mm/slub.c:4364 [inline]\n __kvmalloc_node\n---truncated---"
    }
  ],
  "id": "CVE-2025-40064",
  "lastModified": "2025-10-30T15:05:32.197",
  "metrics": {},
  "published": "2025-10-28T12:15:40.840",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/233927b645cb7a14bb98d23ac72e4c7243a9f0d9"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3d3466878afd8d43ec0ca2facfbc7f03e40d0f79"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-40064 (GCVE-0-2025-40064)

Vulnerability from cvelistv5

msrc_cve-2025-40064

Vulnerability from csaf_microsoft

CERTFR-2025-AVI-0941

Vulnerability from certfr_avis

Solutions

ghsa-c442-5cxr-p4xq

Vulnerability from github

fkie_cve-2025-40064

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature