CVE-2025-40173
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-12

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net/ip6_tunnel: Prevent perpetual tunnel growth Similarly to ipv4 tunnel, ipv6 version updates dev->needed_headroom, too. While ipv4 tunnel headroom adjustment growth was limited in commit 5ae1e9922bbd ("net: ip_tunnel: prevent perpetual headroom growth"), ipv6 tunnel yet increases the headroom without any ceiling. Reflect ipv4 tunnel headroom adjustment limit on ipv6 version. Credits to Francesco Ruggeri, who was originally debugging this issue and wrote local Arista-specific patch and a reproducer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-12
Last Modified
2025-11-12
Generated
2026-06-16
AI Q&A
2025-11-13
EPSS Evaluated
2026-06-14
NVD
CVE-2025-40173
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Linux kernel's IPv6 tunneling implementation where the tunnel's headroom (buffer space) grows perpetually without limit. Unlike the IPv4 tunnel which has a limit on headroom growth, the IPv6 tunnel continuously increases the needed headroom, potentially leading to resource exhaustion. The fix applies the same headroom growth limit from IPv4 tunnels to IPv6 tunnels to prevent this perpetual growth.

Impact Analysis

The vulnerability can cause the IPv6 tunnel's buffer space to grow indefinitely, which may lead to excessive memory consumption and potential resource exhaustion on affected systems. This could degrade system performance or cause denial of service conditions due to uncontrolled resource usage.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40173. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart