Use After Free Vulnerability in Linux Kernel Affects Memory Management
CVE-2025-40270

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published: 6 December 2025

What is CVE-2025-40270?

A vulnerability in the Linux kernel's memory management subsystem can lead to a use-after-free condition during virtual memory area (VMA) readahead. The issue arises when the readahead function accesses swap entries that belong to a different swap device without holding a reference on that device. It is exposed in particular by a race in which swapoff is executed on one device while swapin is happening on another. Though difficult to exploit, this vulnerability could potentially lead to significant stability and security issues within the operating system.

Affected Version(s)

Linux 78524b05f1a3e16a5d00cc9c6259c41a9d6003ce

Linux 78524b05f1a3e16a5d00cc9c6259c41a9d6003ce < 1c2a936edd71e133f2806e68324ec81a4eb07588

Linux 6.15

Timeline

  • Vulnerability published

  • Vulnerability Reserved
