{"id":"CVE-2025-40018","summary":"ipvs: Defer ip_vs_ftp unregister during netns cleanup","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: Defer ip_vs_ftp unregister during netns cleanup\n\nOn the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp\nbefore connections with valid cp-\u003eapp pointers are flushed, leading to a\nuse-after-free.\n\nFix this by introducing a global `exiting_module` flag, set to true in\nip_vs_ftp_exit() before unregistering the pernet subsystem. In\n__ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns\ncleanup (when exiting_module is false) and defer it to\n__ip_vs_cleanup_batch(), which unregisters all apps after all connections\nare flushed. If called during module exit, unregister ip_vs_ftp\nimmediately.","modified":"2026-04-22T18:29:22.528756077Z","published":"2025-10-24T11:44:28.955Z","related":["SUSE-SU-2025:21040-1","SUSE-SU-2025:21052-1","SUSE-SU-2025:21056-1","SUSE-SU-2025:21064-1","SUSE-SU-2025:21080-1","SUSE-SU-2025:21147-1","SUSE-SU-2025:21180-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4111-1","SUSE-SU-2025:4128-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4135-1","SUSE-SU-2025:4139-1","SUSE-SU-2025:4140-1","SUSE-SU-2025:4141-1","SUSE-SU-2025:4149-1","SUSE-SU-2025:4188-1","SUSE-SU-2025:4189-1","SUSE-SU-2025:4301-1","SUSE-SU-2025:4320-1","SUSE-SU-2026:0352-1","SUSE-SU-2026:1185-1","SUSE-SU-2026:1188-1","SUSE-SU-2026:1212-1","SUSE-SU-2026:1221-1","SUSE-SU-2026:1222-1","SUSE-SU-2026:1225-1","SUSE-SU-2026:1236-1","SUSE-SU-2026:1239-1","SUSE-SU-2026:1242-1","SUSE-SU-2026:1244-1","SUSE-SU-2026:1248-1","SUSE-SU-2026:1259-1","SUSE-SU-2026:1263-1","SUSE-SU-2026:1268-1","SUSE-SU-2026:1269-1","SUSE-SU-2026:1271-1","SUSE-SU-2026:1278-1","SUSE-SU-2026:1280-1","SUSE-SU-2026:1281-1","SUSE-SU-2026:1283-1","SUSE-SU-2026:1285-1","SUSE-SU-2026:1287-1","SUSE-SU-2026:1297-1","SUSE-SU-2026:1298-1","SUSE-SU-2026:1304-1","SUSE-SU-2026:21007-1","SUSE-SU-2026:21008-1","SUSE-SU-2026:21043-1","SUSE-SU-2026:21044-1","SUSE-SU-2026:21045-1","SUSE-SU-2026:21046-1","SUSE-SU-2026:21047-1","SUSE-SU-2026:21048-1","SUSE-SU-2026:21049-1","SUSE-SU-2026:21050-1","SUSE-SU-2026:21053-1","SUSE-SU-2026:21054-1","SUSE-SU-2026:21055-1","SUSE-SU-2026:21056-1","SUSE-SU-2026:21057-1","SUSE-SU-2026:21058-1","SUSE-SU-2026:21059-1","SUSE-SU-2026:21060-1","SUSE-SU-2026:21061-1","SUSE-SU-2026:21073-1","SUSE-SU-2026:21074-1","SUSE-SU-2026:21075-1","SUSE-SU-2026:21076-1","SUSE-SU-2026:21077-1","SUSE-SU-2026:21078-1","SUSE-SU-2026:21079-1","SUSE-SU-2026:21080-1","SUSE-SU-2026:21083-1","SUSE-SU-2026:21084-1","SUSE-SU-2026:21085-1","SUSE-SU-2026:21086-1","SUSE-SU-2026:21087-1","SUSE-SU-2026:21088-1","SUSE-SU-2026:21089-1","SUSE-SU-2026:21090-1","SUSE-SU-2026:21091-1","SUSE-SU-2026:21096-1","SUSE-SU-2026:21099-1","SUSE-SU-2026:21217-1","SUSE-SU-2026:21219-1","openSUSE-SU-2025:15702-1","openSUSE-SU-2025:20091-1","openSUSE-SU-2026:10301-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40018.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/134121bfd99a06d44ef5ba15a9beb075297c0821"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1d79471414d7b9424d699afff2aa79fff322f52d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/421b1ae1574dfdda68b835c15ac4921ec0030182"},{"type":"WEB","url":"https://git.kernel.org/stable/c/53717f8a4347b78eac6488072ad8e5adbaff38d9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8a6ecab3847c213ce2855b0378e63ce839085de3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8cbe2a21d85727b66d7c591fd5d83df0d8c4f757"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a343811ef138a265407167294275201621e9ebb2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dc1a481359a72ee7e548f1f5da671282a7c13b8f"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40018.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40018"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"61b1ab4583e275af216c8454b9256de680499b19"},{"fixed":"8a6ecab3847c213ce2855b0378e63ce839085de3"},{"fixed":"421b1ae1574dfdda68b835c15ac4921ec0030182"},{"fixed":"1d79471414d7b9424d699afff2aa79fff322f52d"},{"fixed":"53717f8a4347b78eac6488072ad8e5adbaff38d9"},{"fixed":"8cbe2a21d85727b66d7c591fd5d83df0d8c4f757"},{"fixed":"dc1a481359a72ee7e548f1f5da671282a7c13b8f"},{"fixed":"a343811ef138a265407167294275201621e9ebb2"},{"fixed":"134121bfd99a06d44ef5ba15a9beb075297c0821"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40018.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.39"},{"fixed":"5.4.301"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.246"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.195"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.156"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.112"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.53"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40018.json"}}],"schema_version":"1.7.5"}