SB2025120862 - Use-after-free in Linux kernel bpf
Published: December 8, 2025
Security Bulletin ID
SB2025120862
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2025-40319)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ringbuf_map_alloc() function in kernel/bpf/ringbuf.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/10ca3b2eec384628bc9f5d8190aed9427ad2dde6
- https://git.kernel.org/stable/c/430e15544f11f8de26b2b5109c7152f71b78295e
- https://git.kernel.org/stable/c/47626748a2a00068dbbd5836d19076637b4e235b
- https://git.kernel.org/stable/c/4e9077638301816a7d73fa1e1b4c1db4a7e3b59c
- https://git.kernel.org/stable/c/6451141103547f4efd774e912418a3b4318046c6
- https://git.kernel.org/stable/c/de2ce6b14bc3e565708a39bdba3ef9162aeffc72
- https://git.kernel.org/stable/c/e1828c7a8d8135e21ff6adaaa9458c32aae13b11