Lock Inversion Vulnerability in Linux Kernel's VSOCK Transport System
CVE-2025-40231

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 4 December 2025

What is CVE-2025-40231?

A vulnerability in the Linux kernel's VSOCK transport system can lead to a lock inversion deadlock. This issue arises during the execution of vsock_linger() when there is a potential circular dependency between vsock_register_mutex and sk_lock-AF_VSOCK. The problem was introduced in a previous commit which altered how locks are managed around transport release calls. The resolution involves adjusting lock handling to prevent deadlock conditions while ensuring module references are correctly managed.
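
The circular dependency described above, modelled as a small lock-order graph of the kind a lock-order validator keeps (an added example, not kernel code and not the fix). The two lock names come from the description; the acquisition orders in both scenarios are constructed for illustration and are not traced from the kernel source.

```c
#include <stdio.h>
#include <string.h>

/* Lock classes named in the CVE description; the enum itself is illustrative. */
enum { VSOCK_REGISTER_MUTEX, SK_LOCK_AF_VSOCK, MAX_LOCKS };

/* edge[a][b] != 0 means "b was acquired while a was held" on some path. */
static int edge[MAX_LOCKS][MAX_LOCKS];

static void reset_graph(void) { memset(edge, 0, sizeof edge); }

/* Depth-first search: is `to` reachable from `from` through recorded edges? */
static int reachable(int from, int to, int *seen) {
    if (from == to) return 1;
    seen[from] = 1;
    for (int n = 0; n < MAX_LOCKS; n++)
        if (edge[from][n] && !seen[n] && reachable(n, to, seen)) return 1;
    return 0;
}

/* Record taking `next` while holding `held`.
 * Returns 1 if the new dependency closes a cycle (lock inversion), else 0. */
static int acquire_while_holding(int held, int next) {
    int seen[MAX_LOCKS] = {0};
    int inversion = reachable(next, held, seen);
    edge[held][next] = 1;
    return inversion;
}

/* Constructed scenario: two paths take the same pair in opposite orders. */
static int inverted_order_detected(void) {
    reset_graph();
    int first = acquire_while_holding(VSOCK_REGISTER_MUTEX, SK_LOCK_AF_VSOCK);
    int second = acquire_while_holding(SK_LOCK_AF_VSOCK, VSOCK_REGISTER_MUTEX);
    return !first && second; /* only the second, reversed order closes the cycle */
}

/* Constructed scenario: every path agrees on one order, so no cycle forms. */
static int consistent_order_detected(void) {
    reset_graph();
    int first = acquire_while_holding(SK_LOCK_AF_VSOCK, VSOCK_REGISTER_MUTEX);
    int second = acquire_while_holding(SK_LOCK_AF_VSOCK, VSOCK_REGISTER_MUTEX);
    return first || second;
}

int main(void) {
    printf("inverted paths flagged: %d\n", inverted_order_detected());
    printf("consistent paths flagged: %d\n", consistent_order_detected());
    return 0;
}
```

Neither path has to block for the inversion to be flagged: recording both orders is enough, which is why such reports describe a potential deadlock.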

Affected Version(s)

Linux 8667e8d0eb46bc54fdae30ba2f4786407d3d88eb

Linux 36a439049b34cca0b3661276049b84a1f76cc21a < 09bba278ccde25a14b6e5088a9e65a8717d0cccf

Linux 9ce53e744f18e73059d3124070e960f3aa9902bf

Timeline

  • Vulnerability published

  • Vulnerability Reserved
