Double free in Linux kernel - CVE-2025-40055
Published: October 28, 2025
Vulnerability identifier: #VU117751
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-40055
CWE-ID: CWE-415
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the user_cluster_connect() function in fs/ocfs2/stack_user.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/694d5b401036a614f8080085a9de6f86ff0742dc
- https://git.kernel.org/stable/c/7e76fe9dfadbc00364d7523d5a109e9d3e4a7db2
- https://git.kernel.org/stable/c/827c8efa0d1afe817b90f3618afff552e88348d2
- https://git.kernel.org/stable/c/892f41e12c8689130d552a9eb2b77bafd26484ab
- https://git.kernel.org/stable/c/8f45f089337d924db24397f55697cda0e6960516
- https://git.kernel.org/stable/c/bfe011297ddd2d0cd64752978baaa0c04cd20573