CVE-2025-40064: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-40064 is a use-after-free vulnerability discovered in the Linux kernel's SMC (Shared Memory Communication) subsystem, specifically in the _pnetfindbasendev() function. The vulnerability was disclosed on October 28, 2025. This security flaw affects the network device handling during connection establishment in the SMC protocol implementation (NVD).

The vulnerability occurs when smcpnetfindismresource() fetches skdstget(sk)->dev and passes it to pnetfindbasendev(), where RTNL (Route Netlink) lock is held. A use-after-free condition occurs at _pnetfindbasendev() when the device is first used, indicating that the device had already been freed before acquiring RTNL in pnetfindbasendev(). While the device is being removed, dst->dev could be swapped with blackhole_netdev, and the device's reference count by dst will be released. Red Hat has assigned this vulnerability a CVSS v3.1 score of 7.0, indicating high severity (Red Hat).

The vulnerability could potentially lead to system crashes, memory corruption, or possible privilege escalation in affected Linux kernel versions. The issue affects multiple Red Hat Enterprise Linux versions including RHEL 8, RHEL 9, and RHEL 10, as well as their real-time kernel variants (Red Hat).

The fix involves modifying the code to hold the device's reference count before calling smcpnetfindismresource(). Additionally, smcpnetfindroceresource() had the same issue and was also addressed. The solution implements the use of _skdstget() and dstdev_rcu() in both functions (NVD).