
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-40170 is a vulnerability discovered in the Linux kernel related to RCU (Read-Copy-Update) protection in network operations. The vulnerability was disclosed on November 12, 2025, affecting various Linux kernel implementations across multiple distributions (NVD).
The vulnerability involves accesses to dst->dev from the sk_setup_caps() and sk_dst_gso_max_size() functions that lack proper RCU protection. The issue extends to the ip6_dst_mtu_maybe_forward(), ip_dst_mtu_maybe_forward(), and ip4_dst_hoplimit() functions, which also require proper RCU protection for device access (NVD).
The vulnerability affects multiple Linux distributions including Ubuntu, Debian, and their derivatives. In Ubuntu, it impacts various kernel versions across different releases including the main kernel, AWS, Azure, and GCP-specific kernels (Ubuntu). In Debian, it affects multiple releases including bullseye, bookworm, and trixie (Debian).
The issue has been resolved in newer kernel versions. Debian has fixed the vulnerability in version 6.17.6-1 and later releases (Debian). The fix implements proper RCU protection by using dst_dev_rcu() in the affected functions.
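For triage, the following added example (not part of the original entry or of any distribution's tooling) compares a Debian kernel package version against the fixed version 6.17.6-1 quoted above, using dpkg's version-ordering rules. The function names and sample versions are constructed for illustration; a version that sorts below the threshold may still carry a backported fix, so confirm it against the distribution's tracker.

```python
import re
from itertools import zip_longest

FIXED_VERSION = "6.17.6-1"  # Debian fixed version quoted on this page

def _order(ch):
    """dpkg sort weight: '~' lowest, end-of-string 0, letters, then other chars."""
    if ch == "":
        return 0
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_field(a, b):
    """Compare one upstream or revision field: alternate text and numeric runs."""
    chunks_a = re.findall(r"(\D*)(\d*)", a)
    chunks_b = re.findall(r"(\D*)(\d*)", b)
    for (sa, na), (sb, nb) in zip_longest(chunks_a, chunks_b, fillvalue=("", "")):
        for ca, cb in zip_longest(sa, sb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        ia, ib = int(na or 0), int(nb or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(version):
    """Split [epoch:]upstream[-revision]; epoch defaults to 0, revision to ''."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def deb_cmp(a, b):
    """Return -1, 0 or 1 as version a sorts before, equal to, or after b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_field(ua, ub) or _cmp_field(ra, rb)

def at_or_above_fixed(installed, fixed=FIXED_VERSION):
    """True when the installed package version sorts at or above the fixed one."""
    return deb_cmp(installed, fixed) >= 0

if __name__ == "__main__":
    # Constructed sample versions, not taken from any advisory.
    for v in ("6.16.12-1", "6.17.6~rc1-1", "6.17.6-1", "6.17.6-1+b1", "6.17.7-2"):
        print(v, "OK" if at_or_above_fixed(v) else "below fixed version, check tracker")
```

The installed version string can be obtained from dpkg-query -W for the running kernel image package.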
Source: This report was generated using AI