cvelistv5 - cve-2025-40178

CVE-2025-40178 (GCVE-0-2025-40178)

Vulnerability from cvelistv5

Published

2025-11-12 21:56

Modified

2025-11-12 21:56

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: pid: Add a judgment for ns null in pid_nr_ns __task_pid_nr_ns ns = task_active_pid_ns(current); pid_nr_ns(rcu_dereference(*task_pid_ptr(task, type)), ns); if (pid && ns->level <= pid->level) { Sometimes null is returned for task_active_pid_ns. Then it will trigger kernel panic in pid_nr_ns. For example: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000058 Mem abort info: ESR = 0x0000000096000007 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x07: level 3 translation fault Data abort info: ISV = 0, ISS = 0x00000007, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 user pgtable: 4k pages, 39-bit VAs, pgdp=00000002175aa000 [0000000000000058] pgd=08000002175ab003, p4d=08000002175ab003, pud=08000002175ab003, pmd=08000002175be003, pte=0000000000000000 pstate: 834000c5 (Nzcv daIF +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __task_pid_nr_ns+0x74/0xd0 lr : __task_pid_nr_ns+0x24/0xd0 sp : ffffffc08001bd10 x29: ffffffc08001bd10 x28: ffffffd4422b2000 x27: 0000000000000001 x26: ffffffd442821168 x25: ffffffd442821000 x24: 00000f89492eab31 x23: 00000000000000c0 x22: ffffff806f5693c0 x21: ffffff806f5693c0 x20: 0000000000000001 x19: 0000000000000000 x18: 0000000000000000 x17: 00000000529c6ef0 x16: 00000000529c6ef0 x15: 00000000023a1adc x14: 0000000000000003 x13: 00000000007ef6d8 x12: 001167c391c78800 x11: 00ffffffffffffff x10: 0000000000000000 x9 : 0000000000000001 x8 : ffffff80816fa3c0 x7 : 0000000000000000 x6 : 49534d702d535449 x5 : ffffffc080c4c2c0 x4 : ffffffd43ee128c8 x3 : ffffffd43ee124dc x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffffff806f5693c0 Call trace: __task_pid_nr_ns+0x74/0xd0 ... __handle_irq_event_percpu+0xd4/0x284 handle_irq_event+0x48/0xb0 handle_fasteoi_irq+0x160/0x2d8 generic_handle_domain_irq+0x44/0x60 gic_handle_irq+0x4c/0x114 call_on_irq_stack+0x3c/0x74 do_interrupt_handler+0x4c/0x84 el1_interrupt+0x34/0x58 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x68/0x6c account_kernel_stack+0x60/0x144 exit_task_stack_account+0x1c/0x80 do_exit+0x7e4/0xaf8 ... get_signal+0x7bc/0x8d8 do_notify_resume+0x128/0x828 el0_svc+0x6c/0x70 el0t_64_sync_handler+0x68/0xbc el0t_64_sync+0x1a8/0x1ac Code: 35fffe54 911a02a8 f9400108 b4000128 (b9405a69) ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: Oops: Fatal exception in interrupt

References

URL

Tags

	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/006568ab4c5ca2309ceb36fa553e390b4aa9c0c7
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/09d227c59d97efda7d5cc878a4335a6b2bb224c2
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/2076b916bf41be48799d1443df0f8fc75d12ccd0
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/75dbc029c5359438be4a6f908bfbfdab969af776
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a0212978af1825b37da0b453b94d9b0e5af11478
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/c2d09d724856b6f82ab688f65fc1ce833bb56333
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/c3b654021931dc806ba086c549e8756c3f204a67
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/e10c36a771c5cc910abd9fe4aa9033ee32a47c38

Impacted products

Vendor

Product

Version

Linux

Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/pid.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "75dbc029c5359438be4a6f908bfbfdab969af776",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c2d09d724856b6f82ab688f65fc1ce833bb56333",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c3b654021931dc806ba086c549e8756c3f204a67",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e10c36a771c5cc910abd9fe4aa9033ee32a47c38",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "09d227c59d97efda7d5cc878a4335a6b2bb224c2",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2076b916bf41be48799d1443df0f8fc75d12ccd0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a0212978af1825b37da0b453b94d9b0e5af11478",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "006568ab4c5ca2309ceb36fa553e390b4aa9c0c7",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/pid.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.301",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.246",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.195",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.301",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.246",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.195",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.157",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.113",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.54",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18-rc1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npid: Add a judgment for ns null in pid_nr_ns\n\n__task_pid_nr_ns\n        ns = task_active_pid_ns(current);\n        pid_nr_ns(rcu_dereference(*task_pid_ptr(task, type)), ns);\n                if (pid \u0026\u0026 ns-\u003elevel \u003c= pid-\u003elevel) {\n\nSometimes null is returned for task_active_pid_ns. Then it will trigger kernel panic in pid_nr_ns.\n\nFor example:\n\tUnable to handle kernel NULL pointer dereference at virtual address 0000000000000058\n\tMem abort info:\n\tESR = 0x0000000096000007\n\tEC = 0x25: DABT (current EL), IL = 32 bits\n\tSET = 0, FnV = 0\n\tEA = 0, S1PTW = 0\n\tFSC = 0x07: level 3 translation fault\n\tData abort info:\n\tISV = 0, ISS = 0x00000007, ISS2 = 0x00000000\n\tCM = 0, WnR = 0, TnD = 0, TagAccess = 0\n\tGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n\tuser pgtable: 4k pages, 39-bit VAs, pgdp=00000002175aa000\n\t[0000000000000058] pgd=08000002175ab003, p4d=08000002175ab003, pud=08000002175ab003, pmd=08000002175be003, pte=0000000000000000\n\tpstate: 834000c5 (Nzcv daIF +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n\tpc : __task_pid_nr_ns+0x74/0xd0\n\tlr : __task_pid_nr_ns+0x24/0xd0\n\tsp : ffffffc08001bd10\n\tx29: ffffffc08001bd10 x28: ffffffd4422b2000 x27: 0000000000000001\n\tx26: ffffffd442821168 x25: ffffffd442821000 x24: 00000f89492eab31\n\tx23: 00000000000000c0 x22: ffffff806f5693c0 x21: ffffff806f5693c0\n\tx20: 0000000000000001 x19: 0000000000000000 x18: 0000000000000000\n\tx17: 00000000529c6ef0 x16: 00000000529c6ef0 x15: 00000000023a1adc\n\tx14: 0000000000000003 x13: 00000000007ef6d8 x12: 001167c391c78800\n\tx11: 00ffffffffffffff x10: 0000000000000000 x9 : 0000000000000001\n\tx8 : ffffff80816fa3c0 x7 : 0000000000000000 x6 : 49534d702d535449\n\tx5 : ffffffc080c4c2c0 x4 : ffffffd43ee128c8 x3 : ffffffd43ee124dc\n\tx2 : 0000000000000000 x1 : 0000000000000001 x0 : ffffff806f5693c0\n\tCall trace:\n\t__task_pid_nr_ns+0x74/0xd0\n\t...\n\t__handle_irq_event_percpu+0xd4/0x284\n\thandle_irq_event+0x48/0xb0\n\thandle_fasteoi_irq+0x160/0x2d8\n\tgeneric_handle_domain_irq+0x44/0x60\n\tgic_handle_irq+0x4c/0x114\n\tcall_on_irq_stack+0x3c/0x74\n\tdo_interrupt_handler+0x4c/0x84\n\tel1_interrupt+0x34/0x58\n\tel1h_64_irq_handler+0x18/0x24\n\tel1h_64_irq+0x68/0x6c\n\taccount_kernel_stack+0x60/0x144\n\texit_task_stack_account+0x1c/0x80\n\tdo_exit+0x7e4/0xaf8\n\t...\n\tget_signal+0x7bc/0x8d8\n\tdo_notify_resume+0x128/0x828\n\tel0_svc+0x6c/0x70\n\tel0t_64_sync_handler+0x68/0xbc\n\tel0t_64_sync+0x1a8/0x1ac\n\tCode: 35fffe54 911a02a8 f9400108 b4000128 (b9405a69)\n\t---[ end trace 0000000000000000 ]---\n\tKernel panic - not syncing: Oops: Fatal exception in interrupt"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-12T21:56:24.051Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/75dbc029c5359438be4a6f908bfbfdab969af776"
        },
        {
          "url": "https://git.kernel.org/stable/c/c2d09d724856b6f82ab688f65fc1ce833bb56333"
        },
        {
          "url": "https://git.kernel.org/stable/c/c3b654021931dc806ba086c549e8756c3f204a67"
        },
        {
          "url": "https://git.kernel.org/stable/c/e10c36a771c5cc910abd9fe4aa9033ee32a47c38"
        },
        {
          "url": "https://git.kernel.org/stable/c/09d227c59d97efda7d5cc878a4335a6b2bb224c2"
        },
        {
          "url": "https://git.kernel.org/stable/c/2076b916bf41be48799d1443df0f8fc75d12ccd0"
        },
        {
          "url": "https://git.kernel.org/stable/c/a0212978af1825b37da0b453b94d9b0e5af11478"
        },
        {
          "url": "https://git.kernel.org/stable/c/006568ab4c5ca2309ceb36fa553e390b4aa9c0c7"
        }
      ],
      "title": "pid: Add a judgment for ns null in pid_nr_ns",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40178",
    "datePublished": "2025-11-12T21:56:24.051Z",
    "dateReserved": "2025-04-16T07:20:57.177Z",
    "dateUpdated": "2025-11-12T21:56:24.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-40178\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-11-12T22:15:44.480\",\"lastModified\":\"2025-11-14T16:42:30.503\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\npid: Add a judgment for ns null in pid_nr_ns\\n\\n__task_pid_nr_ns\\n        ns = task_active_pid_ns(current);\\n        pid_nr_ns(rcu_dereference(*task_pid_ptr(task, type)), ns);\\n                if (pid \u0026\u0026 ns-\u003elevel \u003c= pid-\u003elevel) {\\n\\nSometimes null is returned for task_active_pid_ns. Then it will trigger kernel panic in pid_nr_ns.\\n\\nFor example:\\n\\tUnable to handle kernel NULL pointer dereference at virtual address 0000000000000058\\n\\tMem abort info:\\n\\tESR = 0x0000000096000007\\n\\tEC = 0x25: DABT (current EL), IL = 32 bits\\n\\tSET = 0, FnV = 0\\n\\tEA = 0, S1PTW = 0\\n\\tFSC = 0x07: level 3 translation fault\\n\\tData abort info:\\n\\tISV = 0, ISS = 0x00000007, ISS2 = 0x00000000\\n\\tCM = 0, WnR = 0, TnD = 0, TagAccess = 0\\n\\tGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\\n\\tuser pgtable: 4k pages, 39-bit VAs, pgdp=00000002175aa000\\n\\t[0000000000000058] pgd=08000002175ab003, p4d=08000002175ab003, pud=08000002175ab003, pmd=08000002175be003, pte=0000000000000000\\n\\tpstate: 834000c5 (Nzcv daIF +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\\n\\tpc : __task_pid_nr_ns+0x74/0xd0\\n\\tlr : __task_pid_nr_ns+0x24/0xd0\\n\\tsp : ffffffc08001bd10\\n\\tx29: ffffffc08001bd10 x28: ffffffd4422b2000 x27: 0000000000000001\\n\\tx26: ffffffd442821168 x25: ffffffd442821000 x24: 00000f89492eab31\\n\\tx23: 00000000000000c0 x22: ffffff806f5693c0 x21: ffffff806f5693c0\\n\\tx20: 0000000000000001 x19: 0000000000000000 x18: 0000000000000000\\n\\tx17: 00000000529c6ef0 x16: 00000000529c6ef0 x15: 00000000023a1adc\\n\\tx14: 0000000000000003 x13: 00000000007ef6d8 x12: 001167c391c78800\\n\\tx11: 00ffffffffffffff x10: 0000000000000000 x9 : 0000000000000001\\n\\tx8 : ffffff80816fa3c0 x7 : 0000000000000000 x6 : 49534d702d535449\\n\\tx5 : ffffffc080c4c2c0 x4 : ffffffd43ee128c8 x3 : ffffffd43ee124dc\\n\\tx2 : 0000000000000000 x1 : 0000000000000001 x0 : ffffff806f5693c0\\n\\tCall trace:\\n\\t__task_pid_nr_ns+0x74/0xd0\\n\\t...\\n\\t__handle_irq_event_percpu+0xd4/0x284\\n\\thandle_irq_event+0x48/0xb0\\n\\thandle_fasteoi_irq+0x160/0x2d8\\n\\tgeneric_handle_domain_irq+0x44/0x60\\n\\tgic_handle_irq+0x4c/0x114\\n\\tcall_on_irq_stack+0x3c/0x74\\n\\tdo_interrupt_handler+0x4c/0x84\\n\\tel1_interrupt+0x34/0x58\\n\\tel1h_64_irq_handler+0x18/0x24\\n\\tel1h_64_irq+0x68/0x6c\\n\\taccount_kernel_stack+0x60/0x144\\n\\texit_task_stack_account+0x1c/0x80\\n\\tdo_exit+0x7e4/0xaf8\\n\\t...\\n\\tget_signal+0x7bc/0x8d8\\n\\tdo_notify_resume+0x128/0x828\\n\\tel0_svc+0x6c/0x70\\n\\tel0t_64_sync_handler+0x68/0xbc\\n\\tel0t_64_sync+0x1a8/0x1ac\\n\\tCode: 35fffe54 911a02a8 f9400108 b4000128 (b9405a69)\\n\\t---[ end trace 0000000000000000 ]---\\n\\tKernel panic - not syncing: Oops: Fatal exception in interrupt\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/006568ab4c5ca2309ceb36fa553e390b4aa9c0c7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/09d227c59d97efda7d5cc878a4335a6b2bb224c2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/2076b916bf41be48799d1443df0f8fc75d12ccd0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/75dbc029c5359438be4a6f908bfbfdab969af776\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a0212978af1825b37da0b453b94d9b0e5af11478\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c2d09d724856b6f82ab688f65fc1ce833bb56333\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c3b654021931dc806ba086c549e8756c3f204a67\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e10c36a771c5cc910abd9fe4aa9033ee32a47c38\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

fkie_cve-2025-40178

Vulnerability from fkie_nvd

Published

2025-11-12 22:15

Modified

2025-11-14 16:42

Severity ?

Summary

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/006568ab4c5ca2309ceb36fa553e390b4aa9c0c7
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/09d227c59d97efda7d5cc878a4335a6b2bb224c2
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/2076b916bf41be48799d1443df0f8fc75d12ccd0
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/75dbc029c5359438be4a6f908bfbfdab969af776
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a0212978af1825b37da0b453b94d9b0e5af11478
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/c2d09d724856b6f82ab688f65fc1ce833bb56333
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/c3b654021931dc806ba086c549e8756c3f204a67
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/e10c36a771c5cc910abd9fe4aa9033ee32a47c38

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npid: Add a judgment for ns null in pid_nr_ns\n\n__task_pid_nr_ns\n        ns = task_active_pid_ns(current);\n        pid_nr_ns(rcu_dereference(*task_pid_ptr(task, type)), ns);\n                if (pid \u0026\u0026 ns-\u003elevel \u003c= pid-\u003elevel) {\n\nSometimes null is returned for task_active_pid_ns. Then it will trigger kernel panic in pid_nr_ns.\n\nFor example:\n\tUnable to handle kernel NULL pointer dereference at virtual address 0000000000000058\n\tMem abort info:\n\tESR = 0x0000000096000007\n\tEC = 0x25: DABT (current EL), IL = 32 bits\n\tSET = 0, FnV = 0\n\tEA = 0, S1PTW = 0\n\tFSC = 0x07: level 3 translation fault\n\tData abort info:\n\tISV = 0, ISS = 0x00000007, ISS2 = 0x00000000\n\tCM = 0, WnR = 0, TnD = 0, TagAccess = 0\n\tGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n\tuser pgtable: 4k pages, 39-bit VAs, pgdp=00000002175aa000\n\t[0000000000000058] pgd=08000002175ab003, p4d=08000002175ab003, pud=08000002175ab003, pmd=08000002175be003, pte=0000000000000000\n\tpstate: 834000c5 (Nzcv daIF +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n\tpc : __task_pid_nr_ns+0x74/0xd0\n\tlr : __task_pid_nr_ns+0x24/0xd0\n\tsp : ffffffc08001bd10\n\tx29: ffffffc08001bd10 x28: ffffffd4422b2000 x27: 0000000000000001\n\tx26: ffffffd442821168 x25: ffffffd442821000 x24: 00000f89492eab31\n\tx23: 00000000000000c0 x22: ffffff806f5693c0 x21: ffffff806f5693c0\n\tx20: 0000000000000001 x19: 0000000000000000 x18: 0000000000000000\n\tx17: 00000000529c6ef0 x16: 00000000529c6ef0 x15: 00000000023a1adc\n\tx14: 0000000000000003 x13: 00000000007ef6d8 x12: 001167c391c78800\n\tx11: 00ffffffffffffff x10: 0000000000000000 x9 : 0000000000000001\n\tx8 : ffffff80816fa3c0 x7 : 0000000000000000 x6 : 49534d702d535449\n\tx5 : ffffffc080c4c2c0 x4 : ffffffd43ee128c8 x3 : ffffffd43ee124dc\n\tx2 : 0000000000000000 x1 : 0000000000000001 x0 : ffffff806f5693c0\n\tCall trace:\n\t__task_pid_nr_ns+0x74/0xd0\n\t...\n\t__handle_irq_event_percpu+0xd4/0x284\n\thandle_irq_event+0x48/0xb0\n\thandle_fasteoi_irq+0x160/0x2d8\n\tgeneric_handle_domain_irq+0x44/0x60\n\tgic_handle_irq+0x4c/0x114\n\tcall_on_irq_stack+0x3c/0x74\n\tdo_interrupt_handler+0x4c/0x84\n\tel1_interrupt+0x34/0x58\n\tel1h_64_irq_handler+0x18/0x24\n\tel1h_64_irq+0x68/0x6c\n\taccount_kernel_stack+0x60/0x144\n\texit_task_stack_account+0x1c/0x80\n\tdo_exit+0x7e4/0xaf8\n\t...\n\tget_signal+0x7bc/0x8d8\n\tdo_notify_resume+0x128/0x828\n\tel0_svc+0x6c/0x70\n\tel0t_64_sync_handler+0x68/0xbc\n\tel0t_64_sync+0x1a8/0x1ac\n\tCode: 35fffe54 911a02a8 f9400108 b4000128 (b9405a69)\n\t---[ end trace 0000000000000000 ]---\n\tKernel panic - not syncing: Oops: Fatal exception in interrupt"
    }
  ],
  "id": "CVE-2025-40178",
  "lastModified": "2025-11-14T16:42:30.503",
  "metrics": {},
  "published": "2025-11-12T22:15:44.480",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/006568ab4c5ca2309ceb36fa553e390b4aa9c0c7"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/09d227c59d97efda7d5cc878a4335a6b2bb224c2"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/2076b916bf41be48799d1443df0f8fc75d12ccd0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/75dbc029c5359438be4a6f908bfbfdab969af776"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a0212978af1825b37da0b453b94d9b0e5af11478"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/c2d09d724856b6f82ab688f65fc1ce833bb56333"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/c3b654021931dc806ba086c549e8756c3f204a67"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e10c36a771c5cc910abd9fe4aa9033ee32a47c38"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

CERTFR-2025-AVI-1048

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Debian	Debian	Debian LTS bullseye versions antérieures à 6.1.158-1~deb11u1

References

Title

Publication Time

Tags

Bulletin de sécurité Debian LTS DLA-4379-1

2025-11-25

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Debian LTS bullseye versions ant\u00e9rieures \u00e0 6.1.158-1~deb11u1",
      "product": {
        "name": "Debian",
        "vendor": {
          "name": "Debian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-39987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39987"
    },
    {
      "name": "CVE-2025-21861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21861"
    },
    {
      "name": "CVE-2025-40156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40156"
    },
    {
      "name": "CVE-2025-40055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40055"
    },
    {
      "name": "CVE-2025-40029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40029"
    },
    {
      "name": "CVE-2025-40008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40008"
    },
    {
      "name": "CVE-2025-40048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40048"
    },
    {
      "name": "CVE-2025-40043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40043"
    },
    {
      "name": "CVE-2025-39973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39973"
    },
    {
      "name": "CVE-2025-39943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39943"
    },
    {
      "name": "CVE-2025-39945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39945"
    },
    {
      "name": "CVE-2025-40100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40100"
    },
    {
      "name": "CVE-2025-40019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40019"
    },
    {
      "name": "CVE-2025-40081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40081"
    },
    {
      "name": "CVE-2025-40026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
    },
    {
      "name": "CVE-2025-40153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40153"
    },
    {
      "name": "CVE-2025-40103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40103"
    },
    {
      "name": "CVE-2025-40121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40121"
    },
    {
      "name": "CVE-2025-40204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40204"
    },
    {
      "name": "CVE-2025-40171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40171"
    },
    {
      "name": "CVE-2025-40056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40056"
    },
    {
      "name": "CVE-2025-40125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40125"
    },
    {
      "name": "CVE-2025-40187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40187"
    },
    {
      "name": "CVE-2025-40092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40092"
    },
    {
      "name": "CVE-2025-39967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39967"
    },
    {
      "name": "CVE-2025-40107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40107"
    },
    {
      "name": "CVE-2025-40115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40115"
    },
    {
      "name": "CVE-2025-40198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40198"
    },
    {
      "name": "CVE-2025-39942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39942"
    },
    {
      "name": "CVE-2025-39929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39929"
    },
    {
      "name": "CVE-2025-39949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39949"
    },
    {
      "name": "CVE-2025-40173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40173"
    },
    {
      "name": "CVE-2025-40190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40190"
    },
    {
      "name": "CVE-2025-40010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40010"
    },
    {
      "name": "CVE-2025-39944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39944"
    },
    {
      "name": "CVE-2025-40202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40202"
    },
    {
      "name": "CVE-2025-39953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39953"
    },
    {
      "name": "CVE-2025-40167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40167"
    },
    {
      "name": "CVE-2025-39969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39969"
    },
    {
      "name": "CVE-2025-40194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40194"
    },
    {
      "name": "CVE-2025-40104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40104"
    },
    {
      "name": "CVE-2025-40001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40001"
    },
    {
      "name": "CVE-2025-40035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40035"
    },
    {
      "name": "CVE-2025-39988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39988"
    },
    {
      "name": "CVE-2025-40020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40020"
    },
    {
      "name": "CVE-2025-40188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40188"
    },
    {
      "name": "CVE-2025-40186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40186"
    },
    {
      "name": "CVE-2025-40013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40013"
    },
    {
      "name": "CVE-2025-40049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40049"
    },
    {
      "name": "CVE-2025-40070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40070"
    },
    {
      "name": "CVE-2025-40106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40106"
    },
    {
      "name": "CVE-2025-40205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40205"
    },
    {
      "name": "CVE-2025-39977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39977"
    },
    {
      "name": "CVE-2025-40027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
    },
    {
      "name": "CVE-2025-39970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39970"
    },
    {
      "name": "CVE-2025-40032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40032"
    },
    {
      "name": "CVE-2025-39994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39994"
    },
    {
      "name": "CVE-2025-40088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40088"
    },
    {
      "name": "CVE-2025-40062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40062"
    },
    {
      "name": "CVE-2025-40197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40197"
    },
    {
      "name": "CVE-2025-40109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40109"
    },
    {
      "name": "CVE-2025-40006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40006"
    },
    {
      "name": "CVE-2025-40011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40011"
    },
    {
      "name": "CVE-2025-40085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40085"
    },
    {
      "name": "CVE-2025-40176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40176"
    },
    {
      "name": "CVE-2025-40193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40193"
    },
    {
      "name": "CVE-2025-40201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40201"
    },
    {
      "name": "CVE-2025-40084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40084"
    },
    {
      "name": "CVE-2025-40183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40183"
    },
    {
      "name": "CVE-2025-39998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39998"
    },
    {
      "name": "CVE-2025-40134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40134"
    },
    {
      "name": "CVE-2025-39968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39968"
    },
    {
      "name": "CVE-2025-39986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39986"
    },
    {
      "name": "CVE-2025-39955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39955"
    },
    {
      "name": "CVE-2025-40078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40078"
    },
    {
      "name": "CVE-2025-40116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40116"
    },
    {
      "name": "CVE-2025-39934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39934"
    },
    {
      "name": "CVE-2025-39978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39978"
    },
    {
      "name": "CVE-2025-40179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40179"
    },
    {
      "name": "CVE-2025-40127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40127"
    },
    {
      "name": "CVE-2025-39996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39996"
    },
    {
      "name": "CVE-2025-40053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40053"
    },
    {
      "name": "CVE-2025-39951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39951"
    },
    {
      "name": "CVE-2025-40120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40120"
    },
    {
      "name": "CVE-2025-39938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39938"
    },
    {
      "name": "CVE-2025-39982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39982"
    },
    {
      "name": "CVE-2025-40040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40040"
    },
    {
      "name": "CVE-2025-40207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40207"
    },
    {
      "name": "CVE-2025-40095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40095"
    },
    {
      "name": "CVE-2025-40118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40118"
    },
    {
      "name": "CVE-2025-40021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40021"
    },
    {
      "name": "CVE-2025-39964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39964"
    },
    {
      "name": "CVE-2025-39993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39993"
    },
    {
      "name": "CVE-2025-40044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40044"
    },
    {
      "name": "CVE-2025-40105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40105"
    },
    {
      "name": "CVE-2025-40112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40112"
    },
    {
      "name": "CVE-2025-39971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39971"
    },
    {
      "name": "CVE-2025-40154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40154"
    },
    {
      "name": "CVE-2025-40093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40093"
    },
    {
      "name": "CVE-2025-40099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40099"
    },
    {
      "name": "CVE-2025-40126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40126"
    },
    {
      "name": "CVE-2025-39972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39972"
    },
    {
      "name": "CVE-2025-40018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40018"
    },
    {
      "name": "CVE-2025-40200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40200"
    },
    {
      "name": "CVE-2025-40124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40124"
    },
    {
      "name": "CVE-2025-40094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40094"
    },
    {
      "name": "CVE-2025-40080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40080"
    },
    {
      "name": "CVE-2025-40111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40111"
    },
    {
      "name": "CVE-2025-40068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40068"
    },
    {
      "name": "CVE-2025-40042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40042"
    },
    {
      "name": "CVE-2025-39957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39957"
    },
    {
      "name": "CVE-2025-39931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39931"
    },
    {
      "name": "CVE-2025-39937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39937"
    },
    {
      "name": "CVE-2025-40060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40060"
    },
    {
      "name": "CVE-2025-40123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40123"
    },
    {
      "name": "CVE-2025-40178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40178"
    },
    {
      "name": "CVE-2025-39985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39985"
    },
    {
      "name": "CVE-2025-40141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40141"
    },
    {
      "name": "CVE-2025-39946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39946"
    },
    {
      "name": "CVE-2025-39980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39980"
    },
    {
      "name": "CVE-2025-40036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40036"
    },
    {
      "name": "CVE-2025-40030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40030"
    },
    {
      "name": "CVE-2025-39995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39995"
    },
    {
      "name": "CVE-2025-40096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40096"
    },
    {
      "name": "CVE-2025-40022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40022"
    },
    {
      "name": "CVE-2025-40140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40140"
    },
    {
      "name": "CVE-2025-40051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40051"
    },
    {
      "name": "CVE-2025-40087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40087"
    }
  ],
  "initial_release_date": "2025-11-28T00:00:00",
  "last_revision_date": "2025-11-28T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1048",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian LTS. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian LTS",
  "vendor_advisories": [
    {
      "published_at": "2025-11-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Debian LTS DLA-4379-1",
      "url": "https://lists.debian.org/debian-lts-announce/2025/11/msg00022.html"
    }
  ]
}

ghsa-5jxr-32rq-mpr8

Vulnerability from github

Published

2025-11-13 00:30

Modified

2025-11-13 00:30

Details

In the Linux kernel, the following vulnerability has been resolved:

pid: Add a judgment for ns null in pid_nr_ns

__task_pid_nr_ns ns = task_active_pid_ns(current); pid_nr_ns(rcu_dereference(*task_pid_ptr(task, type)), ns); if (pid && ns->level <= pid->level) {

Sometimes null is returned for task_active_pid_ns. Then it will trigger kernel panic in pid_nr_ns.

For example: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000058 Mem abort info: ESR = 0x0000000096000007 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x07: level 3 translation fault Data abort info: ISV = 0, ISS = 0x00000007, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 user pgtable: 4k pages, 39-bit VAs, pgdp=00000002175aa000 [0000000000000058] pgd=08000002175ab003, p4d=08000002175ab003, pud=08000002175ab003, pmd=08000002175be003, pte=0000000000000000 pstate: 834000c5 (Nzcv daIF +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __task_pid_nr_ns+0x74/0xd0 lr : __task_pid_nr_ns+0x24/0xd0 sp : ffffffc08001bd10 x29: ffffffc08001bd10 x28: ffffffd4422b2000 x27: 0000000000000001 x26: ffffffd442821168 x25: ffffffd442821000 x24: 00000f89492eab31 x23: 00000000000000c0 x22: ffffff806f5693c0 x21: ffffff806f5693c0 x20: 0000000000000001 x19: 0000000000000000 x18: 0000000000000000 x17: 00000000529c6ef0 x16: 00000000529c6ef0 x15: 00000000023a1adc x14: 0000000000000003 x13: 00000000007ef6d8 x12: 001167c391c78800 x11: 00ffffffffffffff x10: 0000000000000000 x9 : 0000000000000001 x8 : ffffff80816fa3c0 x7 : 0000000000000000 x6 : 49534d702d535449 x5 : ffffffc080c4c2c0 x4 : ffffffd43ee128c8 x3 : ffffffd43ee124dc x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffffff806f5693c0 Call trace: __task_pid_nr_ns+0x74/0xd0 ... __handle_irq_event_percpu+0xd4/0x284 handle_irq_event+0x48/0xb0 handle_fasteoi_irq+0x160/0x2d8 generic_handle_domain_irq+0x44/0x60 gic_handle_irq+0x4c/0x114 call_on_irq_stack+0x3c/0x74 do_interrupt_handler+0x4c/0x84 el1_interrupt+0x34/0x58 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x68/0x6c account_kernel_stack+0x60/0x144 exit_task_stack_account+0x1c/0x80 do_exit+0x7e4/0xaf8 ... get_signal+0x7bc/0x8d8 do_notify_resume+0x128/0x828 el0_svc+0x6c/0x70 el0t_64_sync_handler+0x68/0xbc el0t_64_sync+0x1a8/0x1ac Code: 35fffe54 911a02a8 f9400108 b4000128 (b9405a69) ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: Oops: Fatal exception in interrupt

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-40178"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-12T22:15:44Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npid: Add a judgment for ns null in pid_nr_ns\n\n__task_pid_nr_ns\n        ns = task_active_pid_ns(current);\n        pid_nr_ns(rcu_dereference(*task_pid_ptr(task, type)), ns);\n                if (pid \u0026\u0026 ns-\u003elevel \u003c= pid-\u003elevel) {\n\nSometimes null is returned for task_active_pid_ns. Then it will trigger kernel panic in pid_nr_ns.\n\nFor example:\n\tUnable to handle kernel NULL pointer dereference at virtual address 0000000000000058\n\tMem abort info:\n\tESR = 0x0000000096000007\n\tEC = 0x25: DABT (current EL), IL = 32 bits\n\tSET = 0, FnV = 0\n\tEA = 0, S1PTW = 0\n\tFSC = 0x07: level 3 translation fault\n\tData abort info:\n\tISV = 0, ISS = 0x00000007, ISS2 = 0x00000000\n\tCM = 0, WnR = 0, TnD = 0, TagAccess = 0\n\tGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n\tuser pgtable: 4k pages, 39-bit VAs, pgdp=00000002175aa000\n\t[0000000000000058] pgd=08000002175ab003, p4d=08000002175ab003, pud=08000002175ab003, pmd=08000002175be003, pte=0000000000000000\n\tpstate: 834000c5 (Nzcv daIF +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n\tpc : __task_pid_nr_ns+0x74/0xd0\n\tlr : __task_pid_nr_ns+0x24/0xd0\n\tsp : ffffffc08001bd10\n\tx29: ffffffc08001bd10 x28: ffffffd4422b2000 x27: 0000000000000001\n\tx26: ffffffd442821168 x25: ffffffd442821000 x24: 00000f89492eab31\n\tx23: 00000000000000c0 x22: ffffff806f5693c0 x21: ffffff806f5693c0\n\tx20: 0000000000000001 x19: 0000000000000000 x18: 0000000000000000\n\tx17: 00000000529c6ef0 x16: 00000000529c6ef0 x15: 00000000023a1adc\n\tx14: 0000000000000003 x13: 00000000007ef6d8 x12: 001167c391c78800\n\tx11: 00ffffffffffffff x10: 0000000000000000 x9 : 0000000000000001\n\tx8 : ffffff80816fa3c0 x7 : 0000000000000000 x6 : 49534d702d535449\n\tx5 : ffffffc080c4c2c0 x4 : ffffffd43ee128c8 x3 : ffffffd43ee124dc\n\tx2 : 0000000000000000 x1 : 0000000000000001 x0 : ffffff806f5693c0\n\tCall trace:\n\t__task_pid_nr_ns+0x74/0xd0\n\t...\n\t__handle_irq_event_percpu+0xd4/0x284\n\thandle_irq_event+0x48/0xb0\n\thandle_fasteoi_irq+0x160/0x2d8\n\tgeneric_handle_domain_irq+0x44/0x60\n\tgic_handle_irq+0x4c/0x114\n\tcall_on_irq_stack+0x3c/0x74\n\tdo_interrupt_handler+0x4c/0x84\n\tel1_interrupt+0x34/0x58\n\tel1h_64_irq_handler+0x18/0x24\n\tel1h_64_irq+0x68/0x6c\n\taccount_kernel_stack+0x60/0x144\n\texit_task_stack_account+0x1c/0x80\n\tdo_exit+0x7e4/0xaf8\n\t...\n\tget_signal+0x7bc/0x8d8\n\tdo_notify_resume+0x128/0x828\n\tel0_svc+0x6c/0x70\n\tel0t_64_sync_handler+0x68/0xbc\n\tel0t_64_sync+0x1a8/0x1ac\n\tCode: 35fffe54 911a02a8 f9400108 b4000128 (b9405a69)\n\t---[ end trace 0000000000000000 ]---\n\tKernel panic - not syncing: Oops: Fatal exception in interrupt",
  "id": "GHSA-5jxr-32rq-mpr8",
  "modified": "2025-11-13T00:30:17Z",
  "published": "2025-11-13T00:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40178"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/006568ab4c5ca2309ceb36fa553e390b4aa9c0c7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/09d227c59d97efda7d5cc878a4335a6b2bb224c2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2076b916bf41be48799d1443df0f8fc75d12ccd0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/75dbc029c5359438be4a6f908bfbfdab969af776"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a0212978af1825b37da0b453b94d9b0e5af11478"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c2d09d724856b6f82ab688f65fc1ce833bb56333"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c3b654021931dc806ba086c549e8756c3f204a67"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e10c36a771c5cc910abd9fe4aa9033ee32a47c38"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-40178 (GCVE-0-2025-40178)

Vulnerability from cvelistv5

fkie_cve-2025-40178

Vulnerability from fkie_nvd

CERTFR-2025-AVI-1048

Vulnerability from certfr_avis

Solutions

ghsa-5jxr-32rq-mpr8

Vulnerability from github

Tags

Sightings

Nomenclature