CVE-2025-40024 in Linuxinformação

Sumário

de MITRE • 24/10/2025

In the Linux kernel, the following vulnerability has been resolved:

vhost: Take a reference on the task in struct vhost_task.

vhost_task_create() creates a task and keeps a reference to its task_struct. That task may exit early via a signal and its task_struct will be released. A pending vhost_task_wake() will then attempt to wake the task and access a task_struct which is no longer there.

Acquire a reference on the task_struct while creating the thread and release the reference while the struct vhost_task itself is removed. If the task exits early due to a signal, then the vhost_task_wake() will still access a valid task_struct. The wake is safe and will be skipped in this case.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsável

Linux

Reservar

16/04/2025

Divulgação

24/10/2025

Moderação

aceite

Entrada

VDB-329777

CPE

pronto

EPSS

0.00183

KEV

não

Atividades

muito baixo

Fontes

Interested in the pricing of exploits?

See the underground prices here!