CVE-2025-40201

CVSS v2.0

5.0

Medium

Vector

AV:L/AC:H/Au:S/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel related to race conditions when using task lock(tsk->group leader) within the sys prlimit64() function and its associated do prlimit() path. Specifically, the code does not adequately protect against scenarios where the task structure (task struct) is freed or modified concurrently with the lock acquisition. This can occur if tsk is not the current process or is not a leader, potentially leading to the use of freed memory. Additionally, a race condition exists with mt-exec, which can alter the group leader pointer while the lock is being acquired or released. The issue is addressed by acquiring tasklist lock when necessary within sys prlimit64().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

AZL-70088

BDU:2025-14656

CVE-2025-40201

DLA-4379-1

OESA-2025-2765

OESA-2025-2766

OESA-2025-2767

OPENSUSE-SU-2025:20172-1

SUSE-SU-2026:0962-1

SUSE-SU-2026:1081-1

SUSE-SU-2026:20012-1

SUSE-SU-2026:20015-1

SUSE-SU-2026:20021-1

SUSE-SU-2026:21114-1

SUSE-SU-2026:21123-1

SUSE-SU-2026:21255-1

USN-8029-1

USN-8029-2

USN-8029-3

USN-8030-1

USN-8048-1

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8165-1

USN-8261-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-40201

Weakness Enumeration

Related Identifiers

Affected Products

References · 2328