CVE-2025-40297
BaseFortify

Publication date: 2025-12-08

Last updated on: 2025-12-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

net: bridge: fix use-after-free due to MST port state bypass

syzbot reported[1] a use-after-free when deleting an expired fdb. It is due to a race condition between learning still happening and a port being deleted, after all its fdbs have been flushed. The port's state has been toggled to disabled so no learning should happen at that time, but if we have MST enabled, it will bypass the port's state, that together with VLAN filtering disabled can lead to fdb learning at a time when it shouldn't happen while the port is being deleted. VLAN filtering must be disabled because we flush the port VLANs when it's being deleted which will stop learning.

This fix adds a check for the port's vlan group which is initialized to NULL when the port is getting deleted, that avoids the port state bypass. When MST is enabled there would be a minimal new overhead in the fast-path because the port's vlan group pointer is cache-hot.

[1] https://syzkaller.appspot.com/bug?extid=dd280197f0f7ab3917be
Meta Information
Published: 2025-12-08
Last Modified: 2025-12-08
Generated: 2026-05-06
AI Q&A: 2025-12-08
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: linux
Product: linux_kernel
Version / Range: *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a use-after-free issue in the Linux kernel's network bridge code. It occurs due to a race condition when deleting an expired forwarding database (fdb) entry. Specifically, if Multiple Spanning Tree (MST) is enabled and VLAN filtering is disabled, the port's state can be bypassed, allowing fdb learning to happen while the port is being deleted. This leads to accessing memory that has already been freed, causing a use-after-free error.


How can this vulnerability impact me?

The use-after-free vulnerability can lead to instability or crashes in the Linux kernel's networking stack, potentially causing denial of service or unpredictable behavior in network operations. It may also be exploitable to execute arbitrary code or escalate privileges, depending on the environment and attacker capabilities.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that your Linux kernel is updated with the fix that adds a check for the port's vlan group to prevent the MST port state bypass. Additionally, avoid having VLAN filtering disabled on bridge ports when MST is enabled, as this combination can lead to the vulnerability. Applying the latest kernel patches that address this use-after-free issue is the recommended immediate step.
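A configuration audit for the combination the mitigation guidance above warns about (MST enabled while VLAN filtering is disabled), as an added example that is not part of the CVE record or of the kernel project. It parses the output of `ip -d link show type bridge` and reports the bridges showing that combination. It assumes that iproute2 prints the bridge options as `vlan_filtering <0|1>` and `mst_enabled <0|1>` tokens on the detail lines (an assumption, true on recent iproute2 and kernel versions); the sample output embedded below is constructed for the example. The check identifies exposed bridges; the actual fix remains the kernel update.

```shell
#!/bin/sh
# Added example (not from the CVE record or the kernel source): flag bridges
# that have MST enabled but VLAN filtering disabled, the combination the
# advisory calls out. Assumes the token layout of `ip -d link show` described
# in the lead-in (an assumption, not verified against every iproute2 version).

# audit_output reads `ip -d link show type bridge` text on stdin and prints
# the name of every bridge whose block contains "mst_enabled 1" and
# "vlan_filtering 0". Each interface block starts with "<ifindex>: <name>:".
audit_output() {
    awk '
        BEGIN { name = ""; vf = ""; mst = "" }
        function flush() {
            if (name != "" && mst == "1" && vf == "0") print name
        }
        /^[0-9]+: / {
            flush()
            split($2, parts, ":"); name = parts[1]
            sub(/@.*/, "", name)   # strip "@parent" suffixes such as br0@NONE
            vf = ""; mst = ""
        }
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "vlan_filtering") vf = $(i + 1)
                if ($i == "mst_enabled") mst = $(i + 1)
            }
        }
        END { flush() }
    '
}

# audit_live runs the check against the running system (needs iproute2).
audit_live() {
    ip -d link show type bridge 2>/dev/null | audit_output
}

# Constructed sample output with three bridges: br0 (MST on, VLAN filtering
# on: fine), br1 (MST on, VLAN filtering off: flagged), br2 (MST off: fine).
SAMPLE_OUTPUT='5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:aa:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 0
    bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 stp_state 1 priority 32768 vlan_filtering 1 vlan_protocol 802.1Q mst_enabled 1
6: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:aa:00:02 brd ff:ff:ff:ff:ff:ff promiscuity 0
    bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 stp_state 1 priority 32768 vlan_filtering 0 vlan_protocol 802.1Q mst_enabled 1
7: br2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:aa:00:03 brd ff:ff:ff:ff:ff:ff promiscuity 0
    bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32768 vlan_filtering 0 vlan_protocol 802.1Q mst_enabled 0'

# risky_bridges runs the audit over the constructed sample; prints "br1".
risky_bridges() {
    printf '%s\n' "$SAMPLE_OUTPUT" | audit_output
}

risky_bridges
```

On a real host, call `audit_live` instead of `risky_bridges`; an empty result means no bridge currently combines MST with VLAN filtering disabled. The audit is a stopgap for inventory and prioritisation only: a bridge that is not flagged today can be reconfigured later, so the kernel update is still required.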

