CVE-2025-40348
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts If two competing threads enter alloc_slab_obj_exts() and one of them fails to allocate the object extension vector, it might override the valid slab->obj_exts allocated by the other thread with OBJEXTS_ALLOC_FAIL. This will cause the thread that lost this race and expects a valid pointer to dereference a NULL pointer later on. Update slab->obj_exts atomically using cmpxchg() to avoid slab->obj_exts overrides by racing threads. Thanks for Vlastimil and Suren's help with debugging.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2025-12-18
Generated
2026-06-16
AI Q&A
2025-12-16
EPSS Evaluated
2026-06-14
NVD
CVE-2025-40348
EUVD
EUVD-2025-203639
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's slab allocator where two competing threads entering the function alloc_slab_obj_exts() can cause a race condition. If one thread fails to allocate the object extension vector, it might overwrite the valid slab->obj_exts pointer set by the other thread with a failure indicator (OBJEXTS_ALLOC_FAIL). This leads to the thread that lost the race dereferencing a NULL pointer later, potentially causing a crash or undefined behavior. The fix involves updating slab->obj_exts atomically using cmpxchg() to prevent such race conditions.

Impact Analysis

The vulnerability can cause a NULL pointer dereference in the Linux kernel, which may lead to system crashes or instability. This can affect system reliability and availability, potentially causing denial of service or unexpected behavior in applications relying on the kernel.

Mitigation Strategies

Update the Linux kernel to a version that includes the fix for this vulnerability, which involves atomic updates to slab->obj_exts using cmpxchg() to prevent race conditions. Avoid running unpatched kernel versions to mitigate the risk of NULL pointer dereferences caused by this race condition.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40348. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart