PT-2025-44123 · Linux+3 · Linux Kernel+3

Published

2025-09-23

·

Updated

2026-05-26

·

CVE-2025-40055

CVSS v2.0

4.6

Medium

VectorAV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a flaw within the ocfs2 component related to a double free in the user cluster connect() function. Specifically, user cluster disconnect() frees a memory region, and the error handling path subsequently frees the same memory region again. This is addressed by setting the pointer to NULL after the initial free, preventing the double free condition.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Weakness Enumeration

CWE-415

Related Identifiers

BDU:2025-13642
CVE-2025-40055
DLA-4379-1
DLA-4404-1
DSA-6053-1
ECHO-46E0-A48F-B4CE
MGASA-2025-0309
MGASA-2025-0310
OESA-2025-2765
OESA-2025-2766
OESA-2025-2767
OPENSUSE-SU-2025:15702-1
OPENSUSE-SU-2025:20172-1
OPENSUSE-SU-2026:10301-1
SUSE-SU-2025:4393-1
SUSE-SU-2025:4422-1
SUSE-SU-2025:4505-1
SUSE-SU-2025:4515-1
SUSE-SU-2025:4516-1
SUSE-SU-2025:4517-1
SUSE-SU-2025:4521-1
SUSE-SU-2026:20012-1
SUSE-SU-2026:20015-1
SUSE-SU-2026:20021-1
SUSE-SU-2026:20039-1
SUSE-SU-2026:20059-1
SUSE-SU-2026:20473-1
SUSE-SU-2026:20496-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8033-1
USN-8033-2
USN-8033-3
USN-8033-4
USN-8033-5
USN-8033-6
USN-8033-7
USN-8033-8
USN-8034-1
USN-8034-2
USN-8048-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu