Use-After-Free Vulnerability in Linux Kernel Affecting Secret Memory Management
CVE-2025-40272
What is CVE-2025-40272?
In the Linux kernel, a race condition was identified in the handling of page faults on secret memory files created with memfd_secret(2). When tasks access the same page concurrently, a task may free memory at the wrong point in the sequence, leaving it inaccessible. This incorrect ordering of memory management operations can lead to access violations. The fix reorders the operations so that the direct map is restored before the memory is freed, which addresses the vulnerability.
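An exposure check for the interface named above, added here as an example (it is not code from this advisory or from the kernel project): it calls memfd_secret(2) once and reports whether secret memory files can be created on the running host. The function and enum names are hypothetical, and the fallback syscall number 447 is an assumption for architectures other than x86-64 and arm64.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_memfd_secret
#define SYS_memfd_secret 447 /* x86-64 and arm64 value; assumption elsewhere */
#endif

enum secretmem_state {
    SECRETMEM_REACHABLE,   /* syscall works: secret memory files can be created */
    SECRETMEM_UNAVAILABLE, /* ENOSYS: not built, disabled at boot, or filtered */
    SECRETMEM_DENIED,      /* EPERM/EACCES: blocked by a sandbox or LSM policy */
    SECRETMEM_UNKNOWN      /* any other error: inspect by hand */
};

/* Map the result of memfd_secret(0) to an exposure state. */
enum secretmem_state classify_secretmem(long ret, int err)
{
    if (ret >= 0)
        return SECRETMEM_REACHABLE;
    switch (err) {
    case ENOSYS: return SECRETMEM_UNAVAILABLE;
    case EPERM: case EACCES: return SECRETMEM_DENIED;
    case EMFILE: case ENFILE: case ENOMEM:
        return SECRETMEM_REACHABLE; /* resource limit hit; feature is enabled */
    default: return SECRETMEM_UNKNOWN;
    }
}

/* Ask the running kernel; only creates and closes a descriptor. */
enum secretmem_state probe_secretmem(void)
{
    errno = 0;
    long fd = syscall(SYS_memfd_secret, 0u);
    int err = errno;
    if (fd >= 0)
        close((int)fd);
    return classify_secretmem(fd, err);
}

int main(void)
{
    static const char *const names[] = {"reachable", "unavailable", "denied", "unknown"};
    printf("memfd_secret: %s\n", names[probe_secretmem()]);
    return 0;
}
```

A "reachable" result means only that the affected interface is exposed on the host; whether the race is fixed depends on the kernel build, per the commit ranges under Affected Version(s).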
Affected Version(s)
Linux 1507f51255c9ff07d75909a84e7c0d7f3c4b2f49
Linux 1507f51255c9ff07d75909a84e7c0d7f3c4b2f49 < 1e4643d6628edf9c0047b1f8f5bc574665025acb
Linux 1507f51255c9ff07d75909a84e7c0d7f3c4b2f49 < 42d486d35a4143cc37fc72ee66edc99d942dd367