cve 2025 40272
About this tag
CVE-2025-40272 is a use-after-free race condition in the Linux kernel's secret memory subsystem, specifically in the memfd_secret fault path. The vulnerability affects page-fault handling for memory regions created by memfd_secret(2) and can cause a kernel oops when two tasks fault the same page concurrently. The fix reorders fault-handler cleanup to restore the direct map before freeing the allocated folio. This issue is particularly sensitive because it impacts kernel mechanisms designed to protect in-memory secrets. The tag covers discussions and analysis of this CVE, including the upstream patch and its implications for system stability and security.
A recently assigned CVE, CVE-2025-40272, identifies a subtle but meaningful use-after-free race in the Linux kernel’s secret memory path (mm/secretmem) that was fixed upstream by reordering fault-handler cleanup so the direct map is restored before the allocated folio is freed. The flaw affects...