SB2025102891 - Use-after-free in Linux kernel udf
Published: October 28, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2025-40044)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the udf_current_aext() function in fs/udf/inode.c. A local user can escalate privileges on the system.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/1d1847812a1a5375c10a2a779338df643f79c047
- https://git.kernel.org/stable/c/3bd5e45c2ce30e239d596becd5db720f7eb83c99
- https://git.kernel.org/stable/c/459404f858213967ccfff336c41747d8dd186d38
- https://git.kernel.org/stable/c/918649364fbca7d5df72522ca795479edcd25f91
- https://git.kernel.org/stable/c/a70dcfa8d0a0cc530a6af59483dfca260b652c1b
- https://git.kernel.org/stable/c/b57f2d7d3e6bb89ed82330c5fe106cdfa34d3e24