SB2025102601 - Use-after-free in Linux kernel netfilter ipvs
Published: October 26, 2025
Security Bulletin ID
SB2025102601
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2025-40018)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ip_vs_ftp_exit() and ip_vs_ftp_init() functions in net/netfilter/ipvs/ip_vs_ftp.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/134121bfd99a06d44ef5ba15a9beb075297c0821
- https://git.kernel.org/stable/c/1d79471414d7b9424d699afff2aa79fff322f52d
- https://git.kernel.org/stable/c/53717f8a4347b78eac6488072ad8e5adbaff38d9
- https://git.kernel.org/stable/c/8cbe2a21d85727b66d7c591fd5d83df0d8c4f757
- https://git.kernel.org/stable/c/a343811ef138a265407167294275201621e9ebb2
- https://git.kernel.org/stable/c/dc1a481359a72ee7e548f1f5da671282a7c13b8f