CVE-2025-40249

Description

In the Linux kernel, the following vulnerability has been resolved:gpio: cdev: make sure the cdev fd is still active before emitting eventsWith the final call to fput() on a file descriptor, the release actionmay be deferred and scheduled on a work queue. The reference count ofthat descriptor is still zero and it must not be used. Its possiblethat a GPIO change, we want to notify the user-space about, happensAFTER the reference count on the file descriptor associated with thecharacter device went down to zero but BEFORE the .release() callbackwas called from the workqueue and so BEFORE we unregistered from thenotifier.Using the regular get_file() routine in this situation triggers thefollowing warning: struct file::f_count incremented from zero; use-after-free condition present!So use the get_file_active() variant that will return null on filedescriptors that have been or are being released.

Risk Information

Base Score

7.1

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Score

Exploitation Probability

0.027

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234