CVE-2025-40249
BaseFortify
Publication date: 2025-12-04
Last updated on: 2025-12-04
Assigner: kernel.org
Description
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's GPIO character device (cdev) code. When the last reference to the file behind a GPIO cdev descriptor is dropped (for example when the fd is closed), the kernel does not necessarily run the release callback inline: fput() may defer it to a work queue and execute it later. In that window the file's reference count is already zero, which by convention means nobody may take a new reference to it. The GPIO event notification path, however, could still reach the file after the count had hit zero but before the deferred release ran. It used get_file(), which increments the count unconditionally and so "resurrects" a file that is already being torn down; once both the original release and the event path's later fput() complete, the file is freed while still referenced, a use-after-free. The fix switches the event path to get_file_active(), which only increments a non-zero count and returns NULL for a file that is being released, so the event is dropped instead of touching dying memory.
How can this vulnerability impact me?
A use-after-free in the kernel is memory corruption in the most privileged context. The most likely outcome is a kernel crash (denial of service); with enough control over the race and the freed allocation, it could potentially be turned into arbitrary code execution or privilege escalation. Triggering it requires local access to a GPIO character device node (/dev/gpiochipN) so that an fd can be closed while GPIO events are being delivered to it, which in practice limits exposure to processes already allowed to open those device nodes.
What immediate steps should I take to mitigate this vulnerability?
Update to a kernel that carries the fix. The change makes the GPIO event path confirm the cdev file is still active before emitting an event, by taking the reference with get_file_active() instead of get_file(), so a file whose reference count has already dropped to zero is skipped rather than resurrected. Because distributions backport such fixes without bumping the upstream version, check your vendor's advisory or changelog for CVE-2025-40249 rather than relying on the version number alone; if you build your own kernel, confirm that drivers/gpio/gpiolib-cdev.c uses get_file_active() in the event path. Until the update is applied, an interim measure is to restrict who can open /dev/gpiochip* (device node permissions or udev rules), since the bug can only be reached by a process with an open GPIO cdev descriptor.
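The explanation above and the mitigation both hinge on one detail: get_file() increments a reference count even when it is already zero, while get_file_active() refuses to. The following is an added, constructed user-space model of that window, not kernel code and not the patch itself. The names file_model, fput_model, get_file_model, get_file_active_model, and the deferred-release queue are assumptions standing in for struct file, fput(), get_file(), get_file_active() and the kernel's deferred release work; release is modelled by counting how many times the callback runs, because in the kernel that second run is the free of memory still in use.

```c
/* Constructed model of the refcount race behind CVE-2025-40249 (added example,
 * not kernel code). The identifiers below are assumptions that mirror the roles
 * of struct file / f_count, fput(), get_file(), get_file_active() and the
 * deferred release work queue. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_DEFERRED 8

struct file_model {
    atomic_long f_count;    /* models file->f_count */
    int release_count;      /* times the release callback ran; 2 means double release / UAF */
};

/* Models fput() deferring the release callback: the file is queued, not released inline. */
struct deferred_release {
    struct file_model *pending[MAX_DEFERRED];
    int n;
};

static void fput_model(struct file_model *f, struct deferred_release *wq)
{
    /* dec_and_test: the reference that takes the count to zero schedules release */
    if (atomic_fetch_sub(&f->f_count, 1) == 1 && wq->n < MAX_DEFERRED)
        wq->pending[wq->n++] = f;
}

/* Models the work queue finally running: a real kernel frees the file here. */
static int run_deferred_release(struct deferred_release *wq)
{
    int double_releases = 0;
    for (int i = 0; i < wq->n; i++) {
        struct file_model *f = wq->pending[i];
        if (++f->release_count > 1)
            double_releases++;
    }
    wq->n = 0;
    return double_releases;
}

/* Old pattern: unconditional increment, resurrects a file whose count is already zero. */
static struct file_model *get_file_model(struct file_model *f)
{
    atomic_fetch_add(&f->f_count, 1);
    return f;
}

/* Fixed pattern: increment only if the count is non-zero (inc_not_zero), else NULL. */
static struct file_model *get_file_active_model(struct file_model *f)
{
    long cnt = atomic_load(&f->f_count);
    while (cnt != 0) {
        if (atomic_compare_exchange_weak(&f->f_count, &cnt, cnt + 1))
            return f;
        /* cnt now holds the current value; the loop re-checks it for zero */
    }
    return NULL;
}

enum event_result { EVENT_DELIVERED, EVENT_DROPPED_FD_DYING };

/* Models the GPIO event notification path: hold a reference while delivering, then drop it. */
static enum event_result emit_event(struct file_model *cdev_fp,
                                    struct deferred_release *wq,
                                    bool use_get_file_active)
{
    struct file_model *fp = use_get_file_active ? get_file_active_model(cdev_fp)
                                               : get_file_model(cdev_fp);
    if (!fp)
        return EVENT_DROPPED_FD_DYING;
    /* ... deliver the event to the file's waiters ... */
    fput_model(fp, wq);
    return EVENT_DELIVERED;
}

/* Replays the window deterministically: close(fd) drops the last reference and
 * queues release, an event fires before the work runs, then the work runs.
 * Returns how many times release ran on the file (1 is correct, 2 is the bug). */
static int replay_race(bool use_get_file_active, enum event_result *out)
{
    struct file_model f;
    struct deferred_release wq = { .n = 0 };
    atomic_init(&f.f_count, 1);
    f.release_count = 0;

    fput_model(&f, &wq);                                /* last reference dropped, release deferred */
    *out = emit_event(&f, &wq, use_get_file_active);    /* event arrives inside the window */
    run_deferred_release(&wq);                          /* work queue finally runs */
    return f.release_count;
}

int main(void)
{
    enum event_result r;
    printf("get_file():        release ran %d time(s), event %s\n",
           replay_race(false, &r), r == EVENT_DELIVERED ? "delivered" : "dropped");
    printf("get_file_active(): release ran %d time(s), event %s\n",
           replay_race(true, &r), r == EVENT_DELIVERED ? "delivered" : "dropped");
    return 0;
}
```

With the old pattern the event path pushes the count from 0 back to 1, its own fput() queues the file a second time, and the callback runs twice: in the kernel that second run is a free of memory the first release already handed back. With the inc_not_zero pattern the event is simply dropped for a dying file, which is the behaviour the fix relies on.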