CVE-2025-40270

EPSS 0.02%
Veröffentlicht 06.12.2025 21:50:51
Zuletzt bearbeitet 08.12.2025 18:26:49
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

mm, swap: fix potential UAF issue for VMA readahead

Since commit 78524b05f1a3 ("mm, swap: avoid redundant swap device
pinning"), the common helper for allocating and preparing a folio in the
swap cache layer no longer tries to get a swap device reference
internally, because all callers of __read_swap_cache_async are already
holding a swap entry reference.  The repeated swap device pinning isn't
needed on the same swap device.

Caller of VMA readahead is also holding a reference to the target entry's
swap device, but VMA readahead walks the page table, so it might encounter
swap entries from other devices, and call __read_swap_cache_async on
another device without holding a reference to it.

So it is possible to cause a UAF when swapoff of device A raced with
swapin on device B, and VMA readahead tries to read swap entries from
device A.  It's not easy to trigger, but in theory, it could cause real
issues.

Make VMA readahead try to get the device reference first if the swap
device is a different one from the target entry.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < a4145be7b56bfa87dce56415c3ad993071462b8a

Version 78524b05f1a3e16a5d00cc9c6259c41a9d6003ce

Status affected

Version < 1c2a936edd71e133f2806e68324ec81a4eb07588

Version 78524b05f1a3e16a5d00cc9c6259c41a9d6003ce

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.15

Status affected

Version < 6.15

Version 0

Status unaffected

Version <= 6.17.*

Version 6.17.9

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.058

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/a4145be7b56bfa87dce56415c3ad993071462b8a

https://git.kernel.org/stable/c/1c2a936edd71e133f2806e68324ec81a4eb07588

https://nvd.nist.gov/vuln/detail/CVE-2025-40270

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40270

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40270

EUVD