ipvs: Defer ip_vs_ftp unregister during netns cleanup — CVE-2025-40018

Summary

Advisory CVE-2025-40018. ipvs: Defer ip_vs_ftp unregister during netns cleanup Vendor: Microsoft. Source: MSRC. Threat: high. CVSS 7. See the official advisory for details.

What to do

General, cautious steps (verify details in the official source):

• Prioritize patching or mitigation immediately (treat as actively risky).
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() CVE-2025-40082
• vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check CVE-2023-53543
• .NET Elevation of Privilege Vulnerability CVE-2025-55247
• af_unix: Fix null-ptr-deref in unix_stream_sendpage(). CVE-2023-53469
• ALPN negotiation error contains attacker controlled information in crypto/tls CVE-2025-58189
• AMD CVE-2025-0033: RMP Corruption During SNP Initialization CVE-2025-0033
• Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability CVE-2025-47989
• Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability CVE-2025-58724
• astral-tokio-tar Vulnerable to PAX Header Desynchronization CVE-2025-62518
• Azure Compute Gallery Elevation of Privilege Vulnerability CVE-2025-59292
• Azure Event Grid System Elevation of Privilege Vulnerability CVE-2025-59273
• Azure Local Elevation of Privilege Vulnerability CVE-2025-55697