CVE-2025-40195

Опубликовано: 12 нояб. 2025

Источник: redhat

CVSS3: 5.5

Описание

In the Linux kernel, the following vulnerability has been resolved: mount: handle NULL values in mnt_ns_release() When calling in listmount() mnt_ns_release() may be passed a NULL pointer. Handle that case gracefully.

A flaw was found in kernel. This vulnerability allows local denial-of-service via a NULL pointer dereference in pid_nr_ns() when called with a NULL PID namespace.

Отчет

The vulnerability is a NULL pointer dereference in pid_nr_ns() when it is called with a NULL PID namespace, leading to a kernel panic from paths such as __task_pid_nr_ns() on certain platforms. In realistic setups, this is a local denial-of-service issue, likely requiring specific kernel configuration or privileges to trigger reliably. In a worst-case scenario where unprivileged users can reach this path in a controlled way, any local user could crash the system.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Fix deferred
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Fix deferred
Red Hat Enterprise Linux 7	kernel-rt	Fix deferred
Red Hat Enterprise Linux 8	kernel	Fix deferred
Red Hat Enterprise Linux 8	kernel-rt	Fix deferred
Red Hat Enterprise Linux 9	kernel	Fix deferred
Red Hat Enterprise Linux 9	kernel-rt	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=2414722kernel: Linux kernel: NULL pointer dereference in mount leads to local denial of service

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2025-40195

ubuntu

5 месяцев назад

CVE-2025-40195

nvd

5 месяцев назад

CVE-2025-40195

CVSS3: 5.5

msrc

4 месяца назад

mount: handle NULL values in mnt_ns_release()

CVE-2025-40195

debian

5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: m ...

GHSA-qhqr-659q-mhg7

github

5 месяцев назад

5.5 Medium

CVSS3