Vsock Vulnerability in Linux Kernel Affects Socket Management
CVE-2025-40248

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 4 December 2025

What is CVE-2025-40248?

A vulnerability in the Linux kernel's vsock implementation can lead to improper handling of an already established socket during a connect operation. When a connect() call encounters a signal or timeout after the socket has already been established, it starts disconnecting the socket, which can interfere with ongoing data transmission and potentially leave application state inconsistent. This race condition may lead to an elevated count of unsent bytes, confusion in SOCK_LINGER handling, and problematic interactions with sockmaps, ultimately risking a use-after-free or null pointer dereference. Developers are advised to keep the disconnection logic only for unconnected sockets to prevent these issues.

Affected Version(s)

Linux d021c344051af91f42c5ba9fdedc176740cbd238 < 3f71753935d648082a8279a97d30efe6b85be680

Linux d021c344051af91f42c5ba9fdedc176740cbd238

Linux d021c344051af91f42c5ba9fdedc176740cbd238 < 67432915145848658149683101104e32f9fd6559

Timeline

  • Vulnerability published

  • Vulnerability Reserved
