Race Condition in Linux Kernel Affecting Inotify Functionality
CVE-2025-40237

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 4 December 2025

What is CVE-2025-40237?

A race condition vulnerability exists in the Linux kernel, specifically affecting the inotify functionality. Invoking inotify_show_fdinfo() on a file descriptor associated with an overlayfs inode while the filesystem is being unmounted can lead to a NULL pointer dereference. This happens because the root of the inode's superblock is modified during shutdown operations. The issue was identified using syzkaller, revealing potential exposure to general protection faults. A proposed fix ensures that calls to exportfs_encode_fid() are made with the s_umount lock held, preventing access to pointers after they have been set to NULL. Various changes in the kernel ensure enhanced stability and performance while addressing this critical flaw.
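The locking pattern described above, as an added userspace model in C (not kernel code and not the actual patch). The struct layouts, the atomic counter standing in for the s_umount lock, the names shutdown_super and show_fid_locked, and the explicit NULL check are assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace stand-ins (assumptions) for the kernel objects named in the advisory. */
struct dentry { int fid; };
struct super_block {
    atomic_int s_umount;     /* 0 = free, >0 = shared holders, -1 = held by unmount */
    struct dentry *s_root;   /* cleared during shutdown */
};

/* Take the lock shared; fails while the unmount path holds it exclusively. */
static int trylock_shared(struct super_block *sb) {
    int v = atomic_load(&sb->s_umount);
    while (v >= 0)
        if (atomic_compare_exchange_weak(&sb->s_umount, &v, v + 1)) return 1;
    return 0;
}
static void unlock_shared(struct super_block *sb) { atomic_fetch_sub(&sb->s_umount, 1); }

/* Unmount path: the root is cleared only under the exclusive lock.
 * The model returns -1 when a reader is inside instead of sleeping. */
static int shutdown_super(struct super_block *sb) {
    int idle = 0;
    if (!atomic_compare_exchange_strong(&sb->s_umount, &idle, -1)) return -1;
    sb->s_root = NULL;
    atomic_store(&sb->s_umount, 0);
    return 0;
}

/* fdinfo path after the fix: the root is read only while s_umount is held shared,
 * so it cannot become NULL between the check and the dereference. */
static int show_fid_locked(struct super_block *sb, int *out) {
    int ret = -1;
    if (!trylock_shared(sb)) return -1;          /* unmount in progress: skip */
    if (sb->s_root) { *out = sb->s_root->fid; ret = 0; }
    unlock_shared(sb);
    return ret;
}

int main(void) {
    struct dentry root = { 42 };                 /* constructed sample value */
    struct super_block sb = { 0, &root };
    int fid = 0;
    printf("mounted: ret=%d\n", show_fid_locked(&sb, &fid));
    trylock_shared(&sb);                         /* a reader is inside */
    printf("shutdown while reader holds lock: ret=%d\n", shutdown_super(&sb));
    unlock_shared(&sb);
    printf("shutdown after release: ret=%d\n", shutdown_super(&sb));
    printf("after unmount: ret=%d\n", show_fid_locked(&sb, &fid));
    return 0;
}
```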

Affected Version(s)

Linux a1a541fbfa7e97c1100144db34b57553d7164ce5 < 950b604384fd75d62e860bec7135b2b62eb4d508

Linux f0c0ac84de17c37e6e84da65fb920f91dada55ad

Linux 3c7c90274ae339e1ad443c9be1c67a20b80b9c76 < 3f307a9f7a7a2822e38ac451b73e2244e7279496

Timeline

  • Vulnerability published

  • Vulnerability Reserved
