EUVD-2025-201626

| CVE-2025-40319
2025-12-08 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Lifecycle Timeline

4
Patch Released
Mar 16, 2026 - 15:00 nvd
Patch available
EUVD ID Assigned
Mar 15, 2026 - 17:54 euvd
EUVD-2025-201626
Analysis Generated
Mar 15, 2026 - 17:54 vuln.today
CVE Published
Dec 08, 2025 - 01:16 nvd
N/A

Tags

Information Disclosure Linux Linux Kernel

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Sync pending IRQ work before freeing ring buffer Fix a race where irq_work can be queued in bpf_ringbuf_commit() but the ring buffer is freed before the work executes. In the syzbot reproducer, a BPF program attached to sched_switch triggers bpf_ringbuf_commit(), queuing an irq_work. If the ring buffer is freed before this work executes, the irq_work thread may accesses freed memory. Calling `irq_work_sync(&rb->work)` ensures that all pending irq_work complete before freeing the buffer.

Analysis

In the Linux kernel, the following vulnerability has been resolved:

bpf: Sync pending IRQ work before freeing ring buffer

Fix a race where irq_work can be queued in bpf_ringbuf_commit() but the ring buffer is freed before the work executes. In the syzbot reproducer, a BPF program attached to sched_switch triggers bpf_ringbuf_commit(), queuing an irq_work. If the ring buffer is freed before this work executes, the irq_work thread may accesses freed memory. Calling irq_work_sync(&rb->work) ensures that all pending irq_work complete before freeing the buffer.

Remediation

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

Priority Score

0
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +0
POC: 0

Share

EUVD-2025-201626 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy