CVE-2025-40201
Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-14

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths

The usage of task_lock(tsk->group_leader) in the sys_prlimit64()->do_prlimit() path is very broken.

sys_prlimit64() does get_task_struct(tsk), but this only protects task_struct itself. If tsk != current and tsk is not a leader, this process can exit/exec and task_lock(tsk->group_leader) may use the already freed task_struct.

Another problem is that sys_prlimit64() can race with mt-exec, which changes ->group_leader. In this case do_prlimit() may take the wrong lock, or (worse) ->group_leader may change between task_lock() and task_unlock().

Change sys_prlimit64() to take tasklist_lock when necessary. This is not nice, but I don't see a better fix for -stable.
Meta Information
Published: 2025-11-12
Last Modified: 2025-11-14
Generated: 2026-05-07
AI Q&A: 2025-11-13
EPSS Evaluated: 2026-05-05
NVD
Affected Vendors & Products
Currently, no data is known.
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves a race condition in the Linux kernel's sys_prlimit64() function. Specifically, the function uses task_lock(tsk->group_leader) in a way that is unsafe because the task_struct it references may be freed if the task is not the current process and not a leader. Additionally, sys_prlimit64() can race with multi-threaded exec operations that change the group_leader, potentially causing the function to take the wrong lock or have inconsistent locking behavior. The fix involves taking the tasklist_lock when necessary to prevent these race conditions.


How can this vulnerability impact me?

This vulnerability can lead to race conditions in the kernel, which may cause incorrect locking and use of freed memory structures. This can result in kernel instability, crashes, or potentially allow attackers to exploit these conditions to cause denial of service or escalate privileges.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed by updating the Linux kernel to a version where sys_prlimit64() properly takes tasklist_lock to avoid race conditions. Therefore, the immediate step is to apply the latest kernel updates or patches that address this issue.

