What is CVE-2025-40183?

CVE-2025-40183 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.10 onward and patched in 5.10.246, 5.15.195, 6.1.157 and others. CVE-2025-40183 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-40183?

CVE-2025-40183 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-40183?

Yes, CVE-2025-40183 has been patched. Fixed versions include 5.10.246, 5.15.195, 6.1.157 and others. If you are running Linux kernel 5.10 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-40183 actively exploited?

CVE-2025-40183 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-40183

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} Cilium has a BPF egress gateway feature which forces outgoing K8s Pod traffic to pass through dedicated egress gateways which then SNAT the traffic in order to interact with stable IPs outside the cluster. The traffic is directed to the gateway via vxlan tunnel in collect md mode. A recent BPF change utilized the bpf_redirect_neigh() helper to forward packets after the arrival and decap on vxlan, which turned out over time that the kmalloc-256 slab usage in kernel was ever-increasing. The issue was that vxlan allocates the metadata_dst object and attaches it through a fake dst entry to the skb. The latter was never released though given bpf_redirect_neigh() was merely setting the new dst entry via skb_dst_set() without dropping an existing one first.

Package Linux Kernel

Published 2025-11-12

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 5.10 and later are affected. Fixed in 5.10.246, 5.15.195, 6.1.157, 6.6.113, 6.12.54, 6.17.4, 6.18 and their respective stable series.

Affected from

≥ 5.10

Fixed in

✓ 5.10.246 5.10.x ✓ 5.15.195 5.15.x ✓ 6.1.157 6.1.x ✓ 6.6.113 6.6.x ✓ 6.12.54 6.12.x ✓ 6.17.4 6.17.x ✓ 6.18

References

The following references provide additional information about CVE-2025-40183 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/057764172fcc6ee2ccb6c41351a55a9f054dc8fd
Patch
Kernel patch commit
https://git.kernel.org/stable/c/23f3770e1a53e6c7a553135011f547209e141e72
Patch
Kernel patch commit
https://git.kernel.org/stable/c/2e67c2037382abb56497bb9d7b7e10be04eb5598
Patch

7 patch commits total View all on NVD

Frequently asked questions

What is CVE-2025-40183?

CVE-2025-40183 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.10 onward and has been patched in 5.10.246, 5.15.195, 6.1.157 and others. CVE-2025-40183 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-40183?

Yes — CVE-2025-40183 has been patched. Fixed versions include 5.10.246, 5.15.195, 6.1.157 and others. If you are running Linux kernel 5.10 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-40183 actively exploited?

No — CVE-2025-40183 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.