Race Condition Vulnerability in Linux Kernel Affecting Process Privilege Management
CVE-2025-40341

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 9 December 2025

What is CVE-2025-40341?

A race condition in the Linux kernel's handling of the robust_list pointer may lead to unauthorized access to sensitive information during privilege transitions. Specifically, while a task is still unprivileged and about to execute a setuid binary, an attacker may be allowed to access its robust_list before it transitions to a privileged state. The issue arises when the permission check via ptrace_may_access() occurs just before the task executes the privileged binary, potentially exposing sensitive memory addresses. This undermines the intended access restrictions and increases the risk of information disclosure across privilege boundaries. Taking a read lock on signal->exec_update_lock synchronizes the check with exec and mitigates the vulnerability.
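The check-then-read ordering described above can be modelled in userspace. This is an added example, not kernel code or the upstream patch: the struct, the helper names and the pointer values are constructed, and the lock is modelled as a reader count rather than a real read/write semaphore.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model only: these types and helpers are hypothetical, not the kernel's. */
struct task {
    int readers;           /* read holders of the modelled signal->exec_update_lock */
    bool privileged;       /* set once the setuid exec has completed */
    uintptr_t robust_list; /* modelled robust_list user pointer */
};

/* Models exec of a setuid binary, which needs the lock for writing. */
static bool model_exec_setuid(struct task *t, uintptr_t new_list) {
    if (t->readers > 0) return false; /* a reader holds the lock, so exec waits */
    t->privileged = true;
    t->robust_list = new_list;
    return true;
}

/* Models ptrace_may_access() for an unprivileged caller. */
static bool model_may_access(const struct task *t) { return !t->privileged; }

/* Unsynchronized order: exec can land between the check and the read. */
static int get_robust_list_racy(struct task *t, uintptr_t new_list, uintptr_t *out) {
    if (!model_may_access(t)) return -1;
    model_exec_setuid(t, new_list); /* constructed interleaving inside the window */
    *out = t->robust_list;          /* value now belongs to a privileged task */
    return 0;
}

/* Synchronized order: check and read both happen under the read lock. */
static int get_robust_list_locked(struct task *t, uintptr_t new_list, uintptr_t *out) {
    int ret = -1;
    t->readers++;                       /* take the read lock */
    if (model_may_access(t)) {
        model_exec_setuid(t, new_list); /* same interleaving, now held off */
        *out = t->robust_list;
        ret = 0;
    }
    t->readers--;                       /* release; exec may proceed */
    return ret;
}

int main(void) {
    struct task a = {0, false, 0x1000}, b = {0, false, 0x1000};
    uintptr_t ra = 0, rb = 0;
    get_robust_list_racy(&a, 0x7000, &ra);
    get_robust_list_locked(&b, 0x7000, &rb);
    return printf("racy=%#lx locked=%#lx\n", (unsigned long)ra, (unsigned long)rb) < 0;
}
```

In the locked variant the modelled exec only succeeds after the reader has released the lock, and a later query against the now-privileged task is refused by the check.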

Affected Version(s)

Linux 0771dfefc9e538f077d0b43b6dec19a5a67d0e70 < 6511984d1aa1360181bcafb1ca75df7f291ef237

Linux 0771dfefc9e538f077d0b43b6dec19a5a67d0e70 < 4aced32596ead1820b7dbd8e40d30b30dc1f3ad4

Linux 0771dfefc9e538f077d0b43b6dec19a5a67d0e70 < 3b4222494489f6d4b8705a496dab03384b7ca998

Timeline

  • Vulnerability published

  • Vulnerability Reserved
