Race Condition in Linux Kernel's Group Leader Handling
CVE-2025-40201
What is CVE-2025-40201?
A race condition has been identified in the Linux kernel's handling of a task's group leader while process resource limits are being adjusted. sys_prlimit64() takes task_lock(tsk->group_leader), but when the target task is not the current task, tsk->group_leader may refer to a task_struct that has already been freed (for instance, if the target task exits or changes execution context concurrently), so the lock operation dereferences freed memory. In addition, a concurrent multi-threaded exec (mt-exec) can change the target's group leader while the lock is being taken, so the lock may end up being acquired on the wrong task. The proposed fix modifies sys_prlimit64() to take tasklist_lock under certain conditions; this is described as a workaround rather than a complete fix.
Affected Version(s)
Ranges are given as git commits: affected from the first commit, up to but not including the second (fixing) commit.
Linux 18c91bb2d87268d23868bf13508f5bc9cf04e89a < 1bc0d9315ef5296abb2c9fd840336255850ded18
Linux 18c91bb2d87268d23868bf13508f5bc9cf04e89a < 132f827e7bac7373e1522e89709d70b43cae5342
Linux 18c91bb2d87268d23868bf13508f5bc9cf04e89a < 19b45c84bd9fd42fa97ff80c6350d604cb871c75