#VU119167 Use-after-free in Linux kernel - CVE-2025-40243
Published: December 4, 2025
Vulnerability identifier: #VU119167
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-40243
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfs_mdb_get() function in fs/hfs/mdb.c. A local user can escalate privileges on the system.
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/2048ec5b98dbdfe0b929d2e42dc7a54c389c53dd
- https://git.kernel.org/stable/c/2a112cdd66f5a132da5235ca31a320528c86bf33
- https://git.kernel.org/stable/c/3b447fd401824e1ccf0b769188edefe866a1e676
- https://git.kernel.org/stable/c/502fa92a71f344611101bd04ef1a595b8b6014f5
- https://git.kernel.org/stable/c/bf1683078fbdd09a7f7f9b74121ebaa03432bd00
- https://git.kernel.org/stable/c/cfafefcb0e1fc60135f7040f4aed0a4aef4f76ca
- https://git.kernel.org/stable/c/e148ed5cda8fd96d4620c4622fb02f552a2d166a
- https://git.kernel.org/stable/c/fc56548fca732f3d3692c83b40db796259a03887