CVE-2025-40024

NONE EPSS 8.1%
Published Oct 24, 2025 (8mo ago) · Modified Jun 17, 2026 (2w ago)

Description

In the Linux kernel, the following vulnerability has been resolved: vhost: Take a reference on the task in struct vhost_task. vhost_task_create() creates a task and keeps a reference to its task_struct. That task may exit early via a signal and its task_struct will be released. A pending vhost_task_wake() will then attempt to wake the task and access a task_struct which is no longer there. Acquire a reference on the task_struct while creating the thread and release the reference while the struct vhost_task itself is removed. If the task exits early due to a signal, then the vhost_task_wake() will still access a valid task_struct. The wake is safe and will be skipped in this case.

Threat Intelligence

EPSS Exploit Probability
8.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 4

  • git.kernel.org https://git.kernel.org/stable/c/7ce635b3d3aba43296b62b5a2d97c008bc51cbd2
  • git.kernel.org https://git.kernel.org/stable/c/82a1463c968b1a6ae598a4f2fcef17b71bb7d3a0
  • git.kernel.org https://git.kernel.org/stable/c/afe16653e05db07d658b55245c7a2e0603f136c0
  • git.kernel.org https://git.kernel.org/stable/c/d2be773a92874a070215b51b730cb2b1eaa8fae2

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.