CVE-2025-40024
Linux Kernel 6.4.0-6.6.108, 6.7.0-6.12.49, 6.13.0-6.16.9 - Use-After-Free in vhost_task_wake
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: vhost: Take a reference on the task in struct vhost_task. vhost_task_create() creates a task and keeps a reference to its task_struct. That task may exit early via a signal and its task_struct will be released. A pending vhost_task_wake() will then attempt to wake the task and access a task_struct which is no longer there. Acquire a reference on the task_struct while creating the thread and release the reference while the struct vhost_task itself is removed. If the task exits early due to a signal, then the vhost_task_wake() will still access a valid task_struct. The wake is safe and will be skipped in this case.
References (4)
Core 4
Core References
Scores
EPSS
0.0018
EPSS Percentile
8.1%
Details
Status
published
Products (13)
linux/Kernel
6.13.0 - 6.16.10linux
linux/Kernel
6.4.0 - 6.6.109linux
linux/Kernel
6.7.0 - 6.12.50linux
Linux/Linux
< 6.4
Linux/Linux
6.12.50 - 6.12.*
Linux/Linux
6.16.10 - 6.16.*
Linux/Linux
6.17
Linux/Linux
6.4
Linux/Linux
6.6.109 - 6.6.*
Linux/Linux
f9010dbdce911ee1f1af1398a24b1f9f992e0080 - 7ce635b3d3aba43296b62b5a2d97c008bc51cbd2
... and 3 more
Published
Oct 24, 2025
Tracked Since
Feb 18, 2026