CVE-2025-40214

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel’s AF UNIX garbage collection mechanism could incorrectly collect a receive queue of an active socket. This occurs due to a failure to initialize the scc index in the unix add edge() function. The issue involves a cyclic reference with multiple sockets, leading to a misjudgment by unix vertex dead() that sockets are in the same strongly connected component (SCC) and are dead when they are still in use. The root cause is that unix add edge() does not initialize scc index, potentially leading to incorrect SCC assignments and premature garbage collection of active sockets. The vulnerability was reported by Quang Le, who provided a reproduction scenario involving three stages of socket creation, closing, and acceptance.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.