Double Free Vulnerability in Linux Kernel Affecting s390 Architecture
CVE-2025-40253
Currently unrated
What is CVE-2025-40253?
A double free vulnerability has been identified in the Linux kernel that impacts the s390 architecture. It occurs when the mpc_rcvd_sweep_req(mpcginfo) function is called: that function frees the mpcginfo object, and a subsequent kfree call in the ctcmpc_unpack_skb function then frees the same object again. The defect was flagged by the clang static analyzer and has been addressed by removing the redundant kfree call to prevent potential exploitation.
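The ownership mistake described above, as an added user-space model (not the kernel's code): a callee that consumes its argument, and a caller that frees it again. The pool allocator, struct and function names are hypothetical, and the branch layout of the corrected caller is an assumption.

```c
#include <stdio.h>

/* Fixed pool standing in for the allocator: the in_use flag lets pool_free()
 * count a second free instead of corrupting real heap state. */
struct grp_info { int in_use; };        /* hypothetical stand-in for mpcginfo */
static struct grp_info pool[4];
static int double_frees;

static struct grp_info *pool_alloc(void)
{
    for (int i = 0; i < 4; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; return &pool[i]; }
    return NULL;
}

static void pool_free(struct grp_info *p)
{
    if (!p->in_use) { double_frees++; return; }    /* already freed */
    p->in_use = 0;
}

/* Callee that consumes its argument, as mpc_rcvd_sweep_req is described to do. */
static void model_sweep_req(struct grp_info *info) { pool_free(info); }

/* Before the fix: the caller always frees, so the sweep path frees twice. */
static int unpack_before_fix(int is_sweep)
{
    struct grp_info *info = pool_alloc();
    if (!info) return -1;
    double_frees = 0;
    if (is_sweep)
        model_sweep_req(info);
    pool_free(info);              /* redundant when the callee already freed */
    return double_frees;
}

/* After the fix: the caller frees only when the callee did not take
 * ownership (assumed layout), so every path frees exactly once. */
static int unpack_after_fix(int is_sweep)
{
    struct grp_info *info = pool_alloc();
    if (!info) return -1;
    double_frees = 0;
    if (is_sweep) model_sweep_req(info); else pool_free(info);
    return double_frees;
}

int main(void)
{
    printf("before: %d, after: %d\n", unpack_before_fix(1), unpack_after_fix(1));
    return 0;
}
```

The count is non-zero only on the path where the callee ran before the caller's free, which is why a path-sensitive checker such as the clang static analyzer reports this class of bug.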
Affected Version(s)
Linux 467ddbbe7e749d558f13e640f50f546149c930b3 < 06f1dd1de0d33dbfbd2e1fc9fc57d8895f730de2
Linux 0c0b20587b9f25a2ad14db7f80ebe49bdf29920a < 3b177b2ded563df16f6d5920671ffcfe5915d472
Linux 0c0b20587b9f25a2ad14db7f80ebe49bdf29920a