Null Pointer Dereference Vulnerability in Linux Kernel's Fanotify Functionality
CVE-2025-40072
Currently unrated
What is CVE-2025-40072?
The Linux kernel's fanotify subsystem contains a vulnerability in which do_fanotify_mark() does not check the return value of mnt_ns_from_dentry() before dereferencing it. When the object being processed is not a mount namespace object, this leads to a NULL pointer dereference and a kernel crash. The fix adds a check of the mnt_ns_from_dentry() return value before the pointer is dereferenced, which makes the fanotify operation more robust and prevents the unexpected kernel panic.
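A user-space model of the missing check described above, added here as an illustration; it is not the kernel's code or the upstream patch. The struct layouts, the `owner_id` field, the `model_`/`mark_`/`demo_` names and the `-EINVAL` return value are assumptions of the model.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed user-space stand-ins, not the kernel's type definitions. */
struct mnt_ns { int owner_id; };        /* owner_id: hypothetical field */
struct dentry { struct mnt_ns *ns; };   /* ns == NULL: not a mount namespace */

/* Model of the helper's contract: NULL for a non-mount-namespace object. */
struct mnt_ns *model_mnt_ns_from_dentry(const struct dentry *d) { return d->ns; }

/* Pre-fix pattern: the return value is dereferenced without a check. */
int mark_unchecked(const struct dentry *d, int *owner_id)
{
    struct mnt_ns *ns = model_mnt_ns_from_dentry(d);
    *owner_id = ns->owner_id;   /* faults when ns is NULL */
    return 0;
}

/* Post-fix pattern: validate first and fail the call instead of faulting. */
int mark_checked(const struct dentry *d, int *owner_id)
{
    struct mnt_ns *ns = model_mnt_ns_from_dentry(d);
    if (!ns)
        return -EINVAL;         /* error code is an assumption of this model */
    *owner_id = ns->owner_id;
    return 0;
}

/* Constructed mount namespace object: both patterns read the same value. */
int demo_valid(void)
{
    struct mnt_ns ns = { 7 };
    struct dentry d = { &ns };
    int a = -1, b = -1;
    int ra = mark_unchecked(&d, &a), rb = mark_checked(&d, &b);
    return (ra == 0 && rb == 0 && a == b) ? b : -1;
}

/* Constructed non-mntns object: only the checked pattern is safe to call. */
int demo_non_mntns(void)
{
    struct dentry d = { NULL };
    int id = -1;
    return mark_checked(&d, &id);
}

int main(void)
{
    return printf("valid=%d non-mntns=%d\n", demo_valid(), demo_non_mntns()) < 0;
}
```

In the kernel the unchecked form faults in kernel context, so the outcome is a crash of the system rather than a failed call returned to the caller.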
Affected Version(s)
Linux 58f5fbeb367ff6f30a2448b2cad70f70b2de4b06 < 73ce2a774ad6497cbd48dc4f8a5d699bc417f3fa
Linux 58f5fbeb367ff6f30a2448b2cad70f70b2de4b06 < 62e59ffe8787b5550ccff70c30b6f6be6a3ac3dd
Linux 6.16