🟠 High | Source: Microsoft Security Response Center
CVE-2025-40139 is a Linux kernel vulnerability in the SMC (Shared Memory Communications) subsystem, specifically in the smc_clc_prfx_set() function, where unsafe socket destination cache access could lead to a race condition or use-after-free scenario. This type of flaw can potentially be exploited to cause system instability or, in more severe cases, arbitrary code execution within the kernel. It is relevant to Azure environments running Linux-based virtual machines or container workloads that rely on the SMC protocol.
Security Architect’s Take: Review whether your Azure Linux VM or AKS workloads use SMC/RDMA networking, and ensure the underlying kernel is patched to a version that includes this fix. Monitor Microsoft’s update guidance for affected Azure host or guest kernel versions and prioritise patching in environments where SMC is actively used.
Original advisory: CVE-2025-40139 smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().