CVE-2025-40272

About this tag
CVE-2025-40272 is a use-after-free race condition in the Linux kernel's secret memory subsystem, specifically in the memfd_secret fault path. The vulnerability affects page-fault handling for memory regions created by memfd_secret(2) and can cause a kernel oops when two tasks fault the same page concurrently. The fix reorders fault-handler cleanup to restore the direct map before freeing the allocated folio. This issue is particularly sensitive because it impacts kernel mechanisms designed to protect in-memory secrets. The tag covers discussions and analysis of this CVE, including the upstream patch and its implications for system stability and security.
  1. Linux Secretmem UAF Fix for CVE-2025-40272 in memfd_secret Fault Path

    A recently assigned CVE, CVE-2025-40272, identifies a subtle but meaningful use-after-free race in the Linux kernel’s secret memory path (mm/secretmem) that was fixed upstream by reordering fault-handler cleanup so the direct map is restored before the allocated folio is freed. The flaw affects...