CVE-2025-40024
BaseFortify
Publication date: 2025-10-24
Last updated on: 2025-10-27
Assigner: kernel.org
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Linux kernel's vhost subsystem where a task_struct reference was not properly maintained. When a task created by vhost_task_create() exits early due to a signal, its task_struct is released. However, a pending vhost_task_wake() might try to access this now-invalid task_struct, leading to potential use-after-free issues. The fix involves acquiring a reference to the task_struct when creating the thread and releasing it only when the vhost_task is removed, ensuring that vhost_task_wake() accesses a valid task_struct or safely skips the wake if the task has exited.
How can this vulnerability impact me?
This vulnerability can lead to the Linux kernel attempting to access a task_struct that has already been freed, potentially causing kernel crashes, instability, or undefined behavior. Such issues could be exploited to cause denial of service or other unintended effects on systems running vulnerable kernel versions.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version where the vhost task reference issue is fixed. This ensures that the kernel properly takes a reference on the task_struct in struct vhost_task, preventing use-after-free conditions when tasks exit early. Until the update is applied, avoid using vulnerable vhost features that may trigger this issue.