CVE-2025-40024

Linux Kernel 6.4.0-6.6.108, 6.7.0-6.12.49, 6.13.0-6.16.9 - Use-After-Free in vhost_task_wake

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: vhost: Take a reference on the task in struct vhost_task. vhost_task_create() creates a task and keeps a reference to its task_struct. That task may exit early via a signal and its task_struct will be released. A pending vhost_task_wake() will then attempt to wake the task and access a task_struct which is no longer there. Acquire a reference on the task_struct while creating the thread and release the reference while the struct vhost_task itself is removed. If the task exits early due to a signal, then the vhost_task_wake() will still access a valid task_struct. The wake is safe and will be skipped in this case.

Scores

EPSS 0.0018
EPSS Percentile 8.1%

Details

Status published
Products (13)
linux/Kernel 6.13.0 - 6.16.10linux
linux/Kernel 6.4.0 - 6.6.109linux
linux/Kernel 6.7.0 - 6.12.50linux
Linux/Linux < 6.4
Linux/Linux 6.12.50 - 6.12.*
Linux/Linux 6.16.10 - 6.16.*
Linux/Linux 6.17
Linux/Linux 6.4
Linux/Linux 6.6.109 - 6.6.*
Linux/Linux f9010dbdce911ee1f1af1398a24b1f9f992e0080 - 7ce635b3d3aba43296b62b5a2d97c008bc51cbd2
... and 3 more
Published Oct 24, 2025
Tracked Since Feb 18, 2026