Memory Management Vulnerability in Linux Kernel
CVE-2025-40274
What is CVE-2025-40274?
A vulnerability exists in the Linux kernel's memory management when handling guest memory file descriptors (guest_memfd). Specifically, when memory slots (memslots) are removed from guest_memfd instances, the kernel can write to freed memory if the memslot is released before the corresponding guest_memfd file reference count reaches zero. This use-after-free write can lead to undefined behavior, including potential memory corruption and system instability. The fix ensures that bindings are dropped correctly, so that invalid memory is not accessed during the lifecycle of the guest memory file.
Affected Version(s)
Linux a7800aa80ea4d5356b8474c2302812e9d4926fa6
Linux a7800aa80ea4d5356b8474c2302812e9d4926fa6 < 393893693a523e053f84d69320d090b93503f79f