CVE-2025-40203

Linux Kernel - Use-After-Free in listmount

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: listmount: don't call path_put() under namespace semaphore Massage listmount() and make sure we don't call path_put() under the namespace semaphore. If we put the last reference we're fscked.

Scores

EPSS 0.0018
EPSS Percentile 7.7%

Details

Status published
Products (10)
linux/Kernel 6.13.0 - 6.17.4linux
linux/Kernel 6.8.0 - 6.12.54linux
Linux/Linux < 6.8
Linux/Linux 6.12.54 - 6.12.*
Linux/Linux 6.17.4 - 6.17.*
Linux/Linux 6.18
Linux/Linux 6.8
Linux/Linux b4c2bea8ceaa50cd42a8f73667389d801a3ecf2d - 659874b7ee4976ad9ce476e07fd36bc67b3537f1
Linux/Linux b4c2bea8ceaa50cd42a8f73667389d801a3ecf2d - 9c80da26fda2fdcaac7f92b5908875b3108830ff
Linux/Linux b4c2bea8ceaa50cd42a8f73667389d801a3ecf2d - c1f86d0ac322c7e77f6f8dbd216c65d39358ffc0
Published Nov 12, 2025
Tracked Since Feb 18, 2026