Vulnerability in Linux

CVE-2025-40186

In the Linux kernel, the following vulnerability has been resolved: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). syzbot reported the splat below in tcp_conn_request(). [0] If a listener is close()d while a TFO socket i…

EPSS: 0.002 (8.1th percentile) — read the EPSS interpretation.

Affected products

  • Linux — versions 6.16.9, 5.4.300, dfd06131107e7b699ef1e2a24ed2f7d17c917753

References