CVE-2025-40003

🗓️ 18 Oct 2025 08:03:23Reported by LinuxType

Fix use-after-free in ocelot stats by ensuring delayed work is not rescheduled after destroy.

Reporter	Title	Published	Views	Family All 180
AstraLinux	Astra Linux - уязвимость в linux-6.12	13 Jan 202614:01	–	astralinux
Circl	CVE-2025-40003	20 Oct 202506:46	–	circl
CNNVD	Linux kernel 安全漏洞	18 Oct 202500:00	–	cnnvd
Cvelist	CVE-2025-40003 net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work	18 Oct 202508:03	–	cvelist
Debian CVE	CVE-2025-40003	18 Oct 202508:03	–	debiancve
EUVD	EUVD-2025-34986	18 Oct 202509:30	–	euvd
Microsoft CVE	net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work	19 Oct 202501:01	–	mscve
NVD	CVE-2025-40003	18 Oct 202508:15	–	nvd
Tenable Nessus	openSUSE 16 Security Update : kernel (openSUSE-SU-2025:20172-1)	24 Dec 202500:00	–	nessus
Tenable Nessus	Ubuntu 25.10 : Linux kernel vulnerabilities (USN-8029-1)	13 Feb 202600:00	–	nessus

Vulners

CNA

Node

linux linux_kernelRange4.18–6.12.54

linux linux_kernelRange6.13.0–6.17.4

linux linux_kernelRange6.18.0≥

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/ethernet/mscc/ocelot_stats.c"
    ],
    "versions": [
      {
        "version": "a556c76adc052c979ef9e80f0cd3fa1379ff4943",
        "lessThan": "70acdd1eb35ffb3afdcb59e4c3bbb178da411d0f",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "a556c76adc052c979ef9e80f0cd3fa1379ff4943",
        "lessThan": "c3363db5d0685a8d077ade706051bbccc75f7e14",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "a556c76adc052c979ef9e80f0cd3fa1379ff4943",
        "lessThan": "bc9ea787079671cb19a8b25ff9f02be5ef6bfcf5",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/ethernet/mscc/ocelot_stats.c"
    ],
    "versions": [
      {
        "version": "4.18",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "4.18",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.12.54",
        "lessThanOrEqual": "6.12.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.17.4",
        "lessThanOrEqual": "6.17.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.18",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/c3363db5d0685a8d077ade706051bbccc75f7e14
git	www.git.kernel.org/stable/c/70acdd1eb35ffb3afdcb59e4c3bbb178da411d0f
git	www.git.kernel.org/stable/c/bc9ea787079671cb19a8b25ff9f02be5ef6bfcf5

11 May 2026 21:40Current

6.3Medium risk

Vulners AI Score6.3

EPSS0.0004