CVE-2025-40176
Description
In the Linux kernel, the following vulnerability has been resolved:
tls: wait for pending async decryptions if tls_strp_msg_hold fails
Async decryption calls tls_strp_msg_hold to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate that clone, proceeding with async decryption can lead to various issues (UAF on the skb, writing into userspace memory after the recv() call has returned).
In this case, wait for all pending decryption requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel TLS subsystem, a race condition during async decryption can cause use-after-free if the skb clone allocation fails; the fix waits for pending decryptions before proceeding.
Vulnerability Overview
CVE-2025-40176 is a vulnerability in the Linux kernel's TLS (Transport Layer Security) subsystem. During asynchronous decryption, the function tls_strp_msg_hold is called to create a clone of the input skb (socket buffer) to hold references to the memory used by the decryption operation. If this memory allocation fails, the system may proceed with the async decryption using the original skb, which can be freed or reused before the decryption completes, leading to a use-after-free (UAF) condition.
Root Cause and Impact
The root cause is a missing check on the return value of tls_strp_msg_hold. If the allocation fails, the kernel does not wait for pending async decryption requests before continuing. This can result in the skb being freed while still in use by the decryption operation, or writing decrypted data into userspace memory after the recv() system call has already returned. An attacker who can trigger this race condition could potentially exploit the UAF to corrupt kernel memory or leak sensitive information [1][2].
Mitigation
The fix, already applied to the Linux kernel stable tree, ensures that when tls_strp_msg_hold fails, the kernel waits for all pending async decryption requests to complete before proceeding. This prevents the race condition from being exploited. The patch is available in multiple stable kernel commits [3][4]. Users should update their kernel to the latest stable version that includes this fix.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
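The invariant behind the fix described above, as an added example: a simplified userspace model written for this page, not kernel code and not taken from the patch. Every name in it is hypothetical, and a `freed` flag stands in for the skb actually being released.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only. All names are hypothetical, not kernel APIs. */
struct buf { int refs; bool freed; };   /* stands in for the input skb */
struct rx_ctx {
    int pending;                /* async decryptions still in flight */
    struct buf *inflight[8];    /* buffers those requests will touch */
    int late_writes;            /* completions that hit a freed buffer */
};

static void buf_put(struct buf *b) { if (--b->refs == 0) b->freed = true; }

/* Take the extra reference; fail_alloc simulates the failed clone. */
static int hold(struct buf *b, bool fail_alloc) {
    if (fail_alloc) return -1;
    b->refs++;
    return 0;
}

/* Run every queued completion, counting any that touch a freed buffer. */
static void complete_all(struct rx_ctx *c) {
    while (c->pending > 0)
        if (c->inflight[--c->pending]->freed) c->late_writes++;
}

/* Submit one async decryption; wait_on_fail selects the fixed behaviour. */
static int submit_async(struct rx_ctx *c, struct buf *b, bool fail_alloc, bool wait_on_fail) {
    c->inflight[c->pending++] = b;
    int err = hold(b, fail_alloc);
    if (err && wait_on_fail)
        complete_all(c);    /* drain while the caller's reference is live */
    return err;
}

/* One receive call; returns the number of completions that ran too late. */
static int recv_once(bool fail_alloc, bool wait_on_fail) {
    struct rx_ctx c = {0};
    struct buf b = { .refs = 1, .freed = false };
    submit_async(&c, &b, fail_alloc, wait_on_fail);
    buf_put(&b);        /* receive path drops its reference and returns */
    complete_all(&c);   /* anything still pending finishes afterwards */
    return c.late_writes;
}

int main(void) {
    printf("%d %d %d\n", recv_once(false, false), recv_once(true, false), recv_once(true, true));
}
```

The three cases are: hold succeeds, hold fails without waiting, and hold fails with the wait. Only the second lets a completion run against a released buffer.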
Affected products: 2
Patches
- 9f83fd0c179e
- c61d4368197d
- 39dec4ea3daf
- 4fc109d0ab19
- b8a6ff84abbc
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- git.kernel.org/stable/c/39dec4ea3daf77f684308576baf483b55ca7f160 (nvd)
- git.kernel.org/stable/c/4fc109d0ab196bd943b7451276690fb6bb48c2e0 (nvd)
- git.kernel.org/stable/c/9f83fd0c179e0f458e824e417f9d5ad53443f685 (nvd)
- git.kernel.org/stable/c/b8a6ff84abbcbbc445463de58704686011edc8e1 (nvd)
- git.kernel.org/stable/c/c61d4368197d65c4809d9271f3b85325a600586a (nvd)