CVE-2025-40173
Description
In the Linux kernel, the following vulnerability has been resolved:
net/ip6_tunnel: Prevent perpetual tunnel growth
Similarly to ipv4 tunnel, ipv6 version updates dev->needed_headroom, too. While ipv4 tunnel headroom adjustment growth was limited in commit 5ae1e9922bbd ("net: ip_tunnel: prevent perpetual headroom growth"), ipv6 tunnel yet increases the headroom without any ceiling.
Reflect ipv4 tunnel headroom adjustment limit on ipv6 version.
Credits to Francesco Ruggeri, who was originally debugging this issue and wrote local Arista-specific patch and a reproducer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel, ip6_tunnel lacks a ceiling on needed_headroom, allowing perpetual growth and potential resource exhaustion.
Vulnerability
Description
CVE-2025-40173 is a vulnerability in the Linux kernel's IPv6 tunnel implementation (net/ip6_tunnel). Similar to a previously fixed issue in IPv4 tunnels (commit 5ae1e9922bbd), the IPv6 version updates dev->needed_headroom without any limit, leading to perpetual headroom growth [1]. This unbounded growth can exhaust kernel memory or degrade network performance, resulting in a denial-of-service condition.
Exploitation
The vulnerability is triggered by repeatedly creating or reconfiguring IPv6 tunnels, which causes ip6_tnl_change to increase the headroom requirement without bound [2]. No special privileges are required beyond the ability to create or modify network tunnels (typically CAP_NET_ADMIN). An attacker with local access can exploit this to cause resource exhaustion.
Impact
Successful exploitation leads to continuous headroom expansion, potentially exhausting system memory or causing network stack failures. This can result in denial of service for the affected system and its network services.
Mitigation
The fix limits the headroom increase, mirroring the IPv4 tunnel fix [3]. Patches have been applied to the Linux kernel stable branches [4]. Users should update to the latest stable kernel to prevent exploitation.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
848294a67863ceeb434548867b6eb25d870f121f4d45eba0b566f8d5c8a4411f6066af3bf402b6985e87210fe967efe73Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- git.kernel.org/stable/c/10fe967efe73c610e526ff7460581610633dee9cnvd
- git.kernel.org/stable/c/11f6066af3bfb8149aa16c42c0b0c5ea5b199a94nvd
- git.kernel.org/stable/c/21f4d45eba0b2dcae5dbc9e5e0ad08735c993f16nvd
- git.kernel.org/stable/c/402b6985e872b4cf394bbbf33b503947a326a6cbnvd
- git.kernel.org/stable/c/48294a67863c9cfa367abb66bbf0ef6548ae124fnvd
- git.kernel.org/stable/c/566f8d5c8a443f2dd69c5460fdec43ed1c870c65nvd
- git.kernel.org/stable/c/b6eb25d870f1a8ae571fd3da2244b71df547824bnvd
- git.kernel.org/stable/c/eeb4345488672584db4f8c20a1ae13a212ce31c4nvd
News mentions
0No linked articles in our index yet.