vulnerability
Debian: CVE-2025-40319: linux, linux-6.1 -- security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:M/Au:M/C:N/I:C/A:C) | Dec 15, 2025 | Dec 15, 2025 | Feb 3, 2026 |
Severity
6
CVSS
(AV:L/AC:M/Au:M/C:N/I:C/A:C)
Published
Dec 15, 2025
Added
Dec 15, 2025
Modified
Feb 3, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: bpf: Sync pending IRQ work before freeing ring buffer Fix a race where irq_work can be queued in bpf_ringbuf_commit() but the ring buffer is freed before the work executes. In the syzbot reproducer, a BPF program attached to sched_switch triggers bpf_ringbuf_commit(), queuing an irq_work. If the ring buffer is freed before this work executes, the irq_work thread may accesses freed memory. Calling `irq_work_sync(&rb->work)` ensures that all pending irq_work complete before freeing the buffer.
Solutions
debian-upgrade-linuxdebian-upgrade-linux-6-1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.