Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tls_strp_msg_hold fails Async decryption calls tls_strp_msg_hold to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate that clone, proceeding with async decryption can lead to various issues (UAF on the skb, writing into userspace memory after the recv() call has returned). In this case, wait for all pending decryption requests.
References
- https://git.kernel.org/stable/c/39dec4ea3daf77f684308576baf483b55ca7f160
- https://git.kernel.org/stable/c/4fc109d0ab196bd943b7451276690fb6bb48c2e0
- https://git.kernel.org/stable/c/9f83fd0c179e0f458e824e417f9d5ad53443f685
- https://git.kernel.org/stable/c/b8a6ff84abbcbbc445463de58704686011edc8e1
- https://git.kernel.org/stable/c/c61d4368197d65c4809d9271f3b85325a600586a
FAQ
What is CVE-2025-40176?
CVE-2025-40176 is a documented vulnerability. In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tls_strp_msg_hold fails Async decryption calls tls_strp_msg_hold to create a clone of t...
How severe is CVE-2025-40176?
CVSS scoring is not yet available for CVE-2025-40176. Check NVD for updates.
Is there a patch for CVE-2025-40176?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.