#VU117723 Use-after-free in Linux kernel - CVE-2025-40044
Published: October 28, 2025
Vulnerability identifier: #VU117723
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-40044
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the udf_current_aext() function in fs/udf/inode.c.
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/1d1847812a1a5375c10a2a779338df643f79c047
- https://git.kernel.org/stable/c/3bd5e45c2ce30e239d596becd5db720f7eb83c99
- https://git.kernel.org/stable/c/459404f858213967ccfff336c41747d8dd186d38
- https://git.kernel.org/stable/c/918649364fbca7d5df72522ca795479edcd25f91
- https://git.kernel.org/stable/c/a70dcfa8d0a0cc530a6af59483dfca260b652c1b
- https://git.kernel.org/stable/c/b57f2d7d3e6bb89ed82330c5fe106cdfa34d3e24