CVE-2025-40270
BaseFortify

Publication date: 2025-12-06

Last updated on: 2025-12-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

mm, swap: fix potential UAF issue for VMA readahead

Since commit 78524b05f1a3 ("mm, swap: avoid redundant swap device pinning"), the common helper for allocating and preparing a folio in the swap cache layer no longer tries to get a swap device reference internally, because all callers of __read_swap_cache_async are already holding a swap entry reference. The repeated swap device pinning isn't needed on the same swap device.

Caller of VMA readahead is also holding a reference to the target entry's swap device, but VMA readahead walks the page table, so it might encounter swap entries from other devices, and call __read_swap_cache_async on another device without holding a reference to it.

So it is possible to cause a UAF when swapoff of device A raced with swapin on device B, and VMA readahead tries to read swap entries from device A. It's not easy to trigger, but in theory, it could cause real issues.

Make VMA readahead try to get the device reference first if the swap device is a different one from the target entry.

Meta Information

Published: 2025-12-06

Last Modified: 2025-12-08

Generated: 2026-05-07

AI Q&A: 2025-12-07

EPSS Evaluated: 2026-05-05

Affected Vendors & Products

Showing 1 associated CPE

Vendor: linux

Product: linux_kernel

Version / Range: *

CWE ID: CWE-UNKNOWN

AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a potential Use-After-Free (UAF) issue in the Linux kernel's memory management related to VMA (Virtual Memory Area) readahead and swap device handling. Specifically, when the system reads swap entries from different swap devices, it may call a function (__read_swap_cache_async) without properly holding a reference to the swap device, leading to a race condition. This can cause a UAF if swapoff on one device races with swapin on another, potentially causing memory corruption or instability.


How can this vulnerability impact me?

This vulnerability could lead to memory corruption or instability in the Linux kernel due to a Use-After-Free condition. Although it is not easy to trigger, if exploited, it could cause system crashes or unpredictable behavior, potentially affecting system reliability and security.

