CVE-2025-40036 in Linux
Summary
by MITRE • 10/28/2025
In the Linux kernel, the following vulnerability has been resolved:
misc: fastrpc: fix possible map leak in fastrpc_put_args
copy_to_user() failure would cause an early return without cleaning up the fdlist, which has been updated by the DSP. This could lead to map leak. Fix this by redirecting to a cleanup path on failure, ensuring that all mapped buffers are properly released before returning.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 05/19/2026
The vulnerability identified as CVE-2025-40036 resides within the Linux kernel's fastrpc subsystem, specifically affecting the fastrpc_put_args function. This issue represents a classic resource management flaw that can lead to memory leakage and potential system instability. The fastrpc framework facilitates communication between the application processor and digital signal processors in embedded systems, making it a critical component for device functionality. The vulnerability manifests when the copy_to_user() function fails during data transfer operations, creating a scenario where cleanup procedures are bypassed.
The technical flaw occurs due to improper error handling within the fastrpc_put_args function where the system performs an early return upon copy_to_user() failure without executing the necessary cleanup routine for the fdlist structure. This fdlist contains file descriptor information that has been modified by the DSP component during the communication process. When the copy_to_user() operation fails, typically due to memory access violations or invalid user space pointers, the function exits prematurely without releasing the mapped buffers that were allocated and updated by the DSP. This results in a memory leak where the mapped buffers remain allocated in kernel memory, potentially leading to gradual memory exhaustion over time.
The operational impact of this vulnerability extends beyond simple memory consumption issues, as it can compromise system stability and performance in embedded and mobile devices that rely heavily on fastrpc functionality. The memory leak can accumulate over time, particularly in systems with frequent fastrpc operations, eventually leading to system slowdowns, application crashes, or even complete system hangs. This vulnerability is particularly concerning in automotive, industrial control systems, and mobile devices where the Linux kernel's real-time performance characteristics are critical for safe operation. The flaw can be exploited by malicious actors to exhaust system resources, potentially enabling denial-of-service attacks against critical embedded systems.
Mitigation strategies for this vulnerability require kernel-level patches that ensure proper error handling and resource cleanup paths. The fix implements a redirection to a dedicated cleanup path whenever copy_to_user() fails, guaranteeing that all mapped buffers are properly released before function return. This approach aligns with established security practices for resource management and follows the principle of least privilege in kernel space operations. Organizations should prioritize applying the vendor-provided kernel updates that address this specific vulnerability. Additionally, system administrators should monitor for unusual memory consumption patterns that might indicate exploitation attempts. The vulnerability demonstrates the importance of robust error handling in kernel subsystems and highlights the need for comprehensive testing of error paths in security-critical components. This issue falls under CWE-404, which addresses improper resource release or cleanup, and aligns with ATT&CK technique T1499.001 for resource exhaustion attacks, making it a significant concern for system security and reliability.