Linux Kernel AFS Vulnerability in Server Handling
CVE-2025-40010
Currently unrated
What is CVE-2025-40010?
A vulnerability has been identified in the Linux kernel's AFS module: the function afs_put_server() accessed server->debug_id without first verifying that the server pointer was not NULL. This can lead to a NULL pointer dereference, causing system instability or crashes. The issue has been addressed by adjusting the code so that the debug_id assignment occurs only after confirming that the server pointer is valid, which prevents the NULL dereference.
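The ordering problem described above, reduced to a user-space C model as an added example (this is not the kernel's code). The names `struct model_server`, `put_server_before()`, `put_server_after()` and `last_traced_id` are hypothetical; only the `debug_id` field and the NULL check come from the description.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical user-space stand-in for the server record; not kernel code. */
struct model_server {
    int ref;
    unsigned int debug_id;
};

/* Records the id passed to the (modelled) trace call so it can be checked. */
static unsigned int last_traced_id;

/* "Before" ordering: the initializer dereferences server ahead of the
 * NULL test, so a NULL argument faults on the first line of the body. */
int put_server_before(struct model_server *server)
{
    unsigned int debug_id = server->debug_id;

    if (!server)            /* too late: the read above already happened */
        return -1;
    last_traced_id = debug_id;
    return --server->ref;
}

/* "After" ordering: test the pointer first, then read debug_id. */
int put_server_after(struct model_server *server)
{
    unsigned int debug_id;

    if (!server)
        return -1;          /* NULL is a no-op, nothing is dereferenced */
    debug_id = server->debug_id;
    last_traced_id = debug_id;
    return --server->ref;
}

int main(void)
{
    struct model_server s = { .ref = 2, .debug_id = 7 };  /* constructed sample */
    int left = put_server_after(&s);

    printf("after(NULL) = %d\n", put_server_after(NULL));
    printf("after(&s)   = %d, traced id %u\n", left, last_traced_id);
    /* put_server_before(NULL) is deliberately not called: it would crash. */
    return 0;
}
```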
Affected Version(s)
Linux 2757a4dc184997c66ef1de32636f73b9f21aac14 < 7b8381f3c405b864a814d747e526e078c3ef4bc2
Linux 2757a4dc184997c66ef1de32636f73b9f21aac14