oM noM Security Feeds cve
vulnerability context

CVE-2025-40003

EPSS 13%

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work The origin code calls cancel_delayed_work() in ocelot_stats_deinit() to cancel the cyclic delayed work item ocelot->stats_work. However, cancel_delayed_work() may fail to cancel the work item if it is already executing. While destroy_workqueue() does wait for all pending work items in the work queue to complete before destroying the work queue, it cannot prevent the delayed work item from being rescheduled within the ocelot_check_stats_work() function. This ...

Published 2025-10-18 · last modified 2026-06-17

details

CISA KEV status
Not in catalog
EPSS
13% percentile (score 0.0022)

source mentions 2

source consensus

  • Bluesky
Want the 3-bullet summary of CVE-2025-40003, plus webhook alerts when KEV is updated? Pro is $10/mo.