Kernel Bug in Linux Kernel Affecting Memory Access Validation
CVE-2025-40009
Currently unrated
What is CVE-2025-40009?
A vulnerability in the Linux kernel arises from improper validation of memory access during execution of the PAGEMAP_SCAN ioctl: when vec_len is set to zero, the pagemap_scan_backout_range function dereferences a NULL pointer, which can cause a kernel panic. This flaw can disrupt the expected behavior of the system, potentially leading to instability or unresponsive states. The fix checks for NULL before dereferencing p->vec_buf, ensuring better memory validation and system reliability. This issue was identified by syzkaller.
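The guard described above, shown as a simplified user-space model. This is an added example, not the kernel's own code: only vec_len, vec_buf and the name pagemap_scan_backout_range come from the advisory, while struct scan_state, scan_init, backout_range, the other fields and MODEL_PAGE_SIZE are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>

#define MODEL_PAGE_SIZE 4096UL          /* assumed page size for this model */

struct page_region { unsigned long start, end; };

/* Hypothetical stand-in for the scan's private state. */
struct scan_state {
    struct page_region *vec_buf;        /* stays NULL when vec_len == 0 */
    size_t vec_len;
    size_t vec_buf_index;
    unsigned long found_pages;
};

/* Allocate the output vector only when the caller asked for one. */
static int scan_init(struct scan_state *p, size_t vec_len)
{
    p->vec_buf = NULL;
    p->vec_len = vec_len;
    p->vec_buf_index = 0;
    p->found_pages = 0;
    if (vec_len == 0)
        return 0;                       /* valid request, but no buffer exists */
    p->vec_buf = calloc(vec_len, sizeof(*p->vec_buf));
    return p->vec_buf ? 0 : -1;
}

/* Model of the backout step with the NULL check in place.
 * Returns 1 if a region was rolled back, 0 if there was no buffer. */
static int backout_range(struct scan_state *p, unsigned long addr, unsigned long end)
{
    struct page_region *cur;

    if (!p->vec_buf)                    /* the check the fix describes */
        return 0;
    cur = &p->vec_buf[p->vec_buf_index];
    if (cur->start != addr)
        cur->end = addr;                /* keep the part before addr */
    else
        cur->start = cur->end = 0;      /* drop the whole region */
    p->found_pages -= (end - addr) / MODEL_PAGE_SIZE;
    return 1;
}

int main(void)
{
    struct scan_state p;                /* constructed input: vec_len of zero */
    scan_init(&p, 0);
    return backout_range(&p, 0x1000, 0x3000);   /* skipped, no NULL dereference */
}
```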
Affected Version(s)
Linux 52526ca7fdb905a768a93f8faa418e9b988fc34b
Linux 52526ca7fdb905a768a93f8faa418e9b988fc34b < 28aa29986dde79e8466bc87569141291053833f5