CVE-2025-40348
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's slab allocator where two competing threads entering the function alloc_slab_obj_exts() can cause a race condition. If one thread fails to allocate the object extension vector, it might overwrite the valid slab->obj_exts pointer set by the other thread with a failure indicator (OBJEXTS_ALLOC_FAIL). This leads to the thread that lost the race dereferencing a NULL pointer later, potentially causing a crash or undefined behavior. The fix involves updating slab->obj_exts atomically using cmpxchg() to prevent such race conditions.
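A user-space C11 model of the race described above, added here as an illustration; it is not kernel source and not part of this advisory. The struct slab_model type, the helper names, and the numeric value used for OBJEXTS_ALLOC_FAIL are assumptions, and the losing interleaving is replayed in a fixed order so the result is deterministic.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in value; the kernel's real encoding is not shown on the page. */
#define OBJEXTS_ALLOC_FAIL ((uintptr_t)0x1)

/* Hypothetical user-space model of the one field involved in the race. */
struct slab_model { _Atomic uintptr_t obj_exts; };

/* Racy pattern: the failing thread stores the marker unconditionally. */
static void mark_failed_plain(struct slab_model *s)
{
    atomic_store(&s->obj_exts, OBJEXTS_ALLOC_FAIL);
}

/* Fixed pattern: set the marker only if the field is still empty (0).
 * Returns 1 if the marker was written, 0 if another thread got there first. */
static int mark_failed_cmpxchg(struct slab_model *s)
{
    uintptr_t expected = 0;
    return atomic_compare_exchange_strong(&s->obj_exts, &expected,
                                          OBJEXTS_ALLOC_FAIL);
}

/* Replays the losing interleaving in a fixed order: thread A publishes a valid
 * vector, then thread B (whose allocation failed) records its failure.
 * Returns the value a later reader of obj_exts would see. */
static uintptr_t replay(int use_cmpxchg, uintptr_t vec_a)
{
    struct slab_model s;
    atomic_init(&s.obj_exts, 0);
    atomic_store(&s.obj_exts, vec_a);      /* thread A: allocation succeeded */
    if (use_cmpxchg)
        mark_failed_cmpxchg(&s);           /* thread B: no-op, field not empty */
    else
        mark_failed_plain(&s);             /* thread B: clobbers A's pointer */
    return atomic_load(&s.obj_exts);
}

int main(void)
{
    static long vec[4];                    /* constructed stand-in for the vector */
    uintptr_t v = (uintptr_t)vec;
    printf("plain store : %s\n", replay(0, v) == v ? "pointer kept" : "pointer lost");
    printf("cmpxchg     : %s\n", replay(1, v) == v ? "pointer kept" : "pointer lost");
    return 0;
}
```

With the unconditional store, the reader sees the failure marker instead of thread A's pointer; with the compare-and-exchange, thread A's pointer survives.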
How can this vulnerability impact me?
The vulnerability can cause a NULL pointer dereference in the Linux kernel, which may lead to system crashes or instability. This can affect system reliability and availability, potentially causing denial of service or unexpected behavior in applications relying on the kernel.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version that includes the fix for this vulnerability, which involves atomic updates to slab->obj_exts using cmpxchg() to prevent race conditions. Avoid running unpatched kernel versions to mitigate the risk of NULL pointer dereferences caused by this race condition.