Security tracker / CVE-2025-40149

CVE-2025-40149

tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in e8f69799810c ("net/tls: Add generic NIC offload infrastructure").
 carnil> Vulnerable versions: 4.18.

Bugs

Status

Branch	Status
upstream	released (6.18-rc1) [c65f27b9c3be2269918e1cbad6d8884741f835c5]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	released (6.17.3) [feb474ddbf26b51f462ae2e60a12013bdcfc5407]
6.12-upstream-stable	needed
6.6-upstream-stable	needed
6.1-upstream-stable	needed
5.10-upstream-stable	needed
sid	released (6.17.6-1)
6.12-trixie-security	needed
6.1-bookworm-security	needed
5.10-bullseye-security	needed