CVE-2025-40358
BaseFortify
Publication date: 2025-12-16
Last updated on: 2026-03-25
Assigner: kernel.org
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel, where the Kernel Address Sanitizer (KASAN) performs out-of-bounds checks when unwinding the stack of a task other than the current one. Specifically, KASAN reports a 'BUG: KASAN: out-of-bounds in walk_stackframe' error due to these checks. The issue affects the RISC-V architecture and is similar to a previously resolved issue on x86. The fix involves disabling KASAN checks for non-current tasks during stack unwinding.
How can this vulnerability impact me?
The vulnerability can cause the Linux kernel to report false positive KASAN out-of-bounds errors when unwinding the stack of non-current tasks. This may lead to kernel instability or crashes during debugging or runtime analysis, potentially affecting system reliability and debugging processes.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch that disables KASAN checks for non-current tasks in the Linux kernel, as done in commit 84936118bdf3 for x86 and similarly for RISC-V. Refer to the patch linked at https://seclists.org/oss-sec/2025/q4/23 for details.