CVE-2025-40341

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to the handling of robust list pointers during an exec() operation. Specifically, the sys get robust list() and compat get robust list() functions may incorrectly allow access to a target process's robust list pointer during a race condition with a concurrent exec(). This occurs because the ptrace may access() check, used to determine access permissions, can be bypassed if the target process transitions to a privileged state (e.g., setuid root) immediately after the permission check but before the robust list is accessed. This can lead to unauthorized disclosure of information across privilege boundaries. The issue arises from a lack of synchronization between the permission check and the exec() operation, potentially exposing sensitive memory addresses. A read lock on signal->exec update lock is recommended to prevent this race condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.