PT-2025-44110 · Linux+3 · Linux Kernel+3

Published

2025-10-01

·

Updated

2026-05-07

·

CVE-2025-40042

CVSS v2.0

4.6

Medium

VectorAV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a race condition in kprobe initialization that can lead to a NULL pointer dereference and kernel crash. This occurs between kprobe activation and perf events initialization. Specifically, a race condition exists where one CPU core may enable kprobe functionality before another core initializes the perf events list, leading to a crash when the second core attempts to access a NULL pointer. The crash occurs within the kprobe perf func function when attempting to read from an uninitialized perf events structure. The issue is related to the trace kprobe.c file and the kprobe perf func function.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Race Condition

Weakness Enumeration

CWE-476CWE-362

Related Identifiers

AZL-68831
BDU:2025-13788
CVE-2025-40042
DLA-4379-1
DLA-4404-1
DSA-6053-1
ECHO-E99E-ADDE-6689
MGASA-2025-0309
MGASA-2025-0310
OESA-2025-2632
OESA-2025-2633
OESA-2025-2634
OESA-2025-2635
OESA-2025-2636
OPENSUSE-SU-2025:15702-1
OPENSUSE-SU-2026:10301-1
OPENSUSE-SU-2026:20145-1
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:20207-1
SUSE-SU-2026:20220-1
SUSE-SU-2026:20228-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8033-1
USN-8033-2
USN-8033-3
USN-8033-4
USN-8033-5
USN-8033-6
USN-8033-7
USN-8033-8
USN-8034-1
USN-8034-2
USN-8048-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu