{"id":"CVE-2025-40149","summary":"tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ntls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().\n\nget_netdev_for_sock() is called during setsockopt(),\nso not under RCU.\n\nUsing sk_dst_get(sk)-\u003edev could trigger UAF.\n\nLet's use __sk_dst_get() and dst_dev_rcu().\n\nNote that the only -\u003endo_sk_get_lower_dev() user is\nbond_sk_get_lower_dev(), which uses RCU.","modified":"2026-03-20T12:43:11.703320Z","published":"2025-11-12T10:23:27.122Z","related":["SUSE-SU-2025:4393-1","SUSE-SU-2025:4422-1","SUSE-SU-2025:4505-1","SUSE-SU-2025:4516-1","SUSE-SU-2025:4517-1","SUSE-SU-2025:4521-1","SUSE-SU-2026:0316-1","SUSE-SU-2026:20012-1","SUSE-SU-2026:20015-1","SUSE-SU-2026:20021-1","SUSE-SU-2026:20039-1","SUSE-SU-2026:20059-1","SUSE-SU-2026:20473-1","SUSE-SU-2026:20496-1","openSUSE-SU-2025:20172-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40149.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/13159c7125636371543a82cb7bbae00ab36730cc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2b1bef126bbb8d0da51491357559126d567c1dee"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c65f27b9c3be2269918e1cbad6d8884741f835c5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e37ca0092ddace60833790b4ad7a390408fb1be9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f09cd209359a23f88d4f3fa3d2379d057027e53c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/feb474ddbf26b51f462ae2e60a12013bdcfc5407"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40149.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40149"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"e8f69799810c32dd40c6724d829eccc70baad07f"},{"fixed":"2b1bef126bbb8d0da51491357559126d567c1dee"},{"fixed":"e37ca0092ddace60833790b4ad7a390408fb1be9"},{"fixed":"13159c7125636371543a82cb7bbae00ab36730cc"},{"fixed":"f09cd209359a23f88d4f3fa3d2379d057027e53c"},{"fixed":"feb474ddbf26b51f462ae2e60a12013bdcfc5407"},{"fixed":"c65f27b9c3be2269918e1cbad6d8884741f835c5"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40149.json"}}],"schema_version":"1.7.5"}