1. Home
  2. Vulnerabilities
  3. CVE-2025-40018
0.0
NA
CVE-2025-40018
ipvs: Defer ip_vs_ftp unregister during netns cleanup
Description

In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.

INFO

Published Date :

Oct. 24, 2025, 12:15 p.m.

Last Modified :

Oct. 29, 2025, 2:15 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2025-40018 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
Solution
Fix Linux kernel use-after-free by deferring module unregistration during netns cleanup.
  • Update the Linux kernel to a patched version.
  • Ensure ip_vs_ftp unregistration is deferred during netns cleanup.
  • Defer ip_vs_ftp unregister to __ip_vs_cleanup_batch().
  • Set exiting_module flag before unregistering pernet subsystem.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-40018.

URL Resource
https://git.kernel.org/stable/c/134121bfd99a06d44ef5ba15a9beb075297c0821
https://git.kernel.org/stable/c/1d79471414d7b9424d699afff2aa79fff322f52d
https://git.kernel.org/stable/c/421b1ae1574dfdda68b835c15ac4921ec0030182
https://git.kernel.org/stable/c/53717f8a4347b78eac6488072ad8e5adbaff38d9
https://git.kernel.org/stable/c/8a6ecab3847c213ce2855b0378e63ce839085de3
https://git.kernel.org/stable/c/8cbe2a21d85727b66d7c591fd5d83df0d8c4f757
https://git.kernel.org/stable/c/a343811ef138a265407167294275201621e9ebb2
https://git.kernel.org/stable/c/dc1a481359a72ee7e548f1f5da671282a7c13b8f
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-40018 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-40018 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-40018 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-40018 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Oct. 29, 2025

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/421b1ae1574dfdda68b835c15ac4921ec0030182
    Added Reference https://git.kernel.org/stable/c/8a6ecab3847c213ce2855b0378e63ce839085de3
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Oct. 24, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.
    Added Reference https://git.kernel.org/stable/c/134121bfd99a06d44ef5ba15a9beb075297c0821
    Added Reference https://git.kernel.org/stable/c/1d79471414d7b9424d699afff2aa79fff322f52d
    Added Reference https://git.kernel.org/stable/c/53717f8a4347b78eac6488072ad8e5adbaff38d9
    Added Reference https://git.kernel.org/stable/c/8cbe2a21d85727b66d7c591fd5d83df0d8c4f757
    Added Reference https://git.kernel.org/stable/c/a343811ef138a265407167294275201621e9ebb2
    Added Reference https://git.kernel.org/stable/c/dc1a481359a72ee7e548f1f5da671282a7c13b8f
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.