SB2025102141 - NULL pointer dereference in Linux kernel afs
Published: October 21, 2025
Security Bulletin ID
SB2025102141
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-40010)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the afs_use_server() function in fs/afs/server.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/41782c44bb8431c43043129ae42f2ba614938479
- https://git.kernel.org/stable/c/7b8381f3c405b864a814d747e526e078c3ef4bc2
- https://git.kernel.org/stable/c/9158c6bb245113d4966df9b2ba602197a379412e
- https://git.kernel.org/stable/c/a13dbc5e20c7284b82afe6f08debdecf51d2ca04
- https://git.kernel.org/stable/c/cab278cead49a547ac84c3e185f446f381303eae