CVE-2025-40214Use of Uninitialized Resource in Linux

CWE-908Use of Uninitialized Resource9 documents6 sources
Severity
7.8HIGH
No vector
EPSS
0.1%
top 84.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedDec 4
Latest updateMar 4

Description

In the Linux kernel, the following vulnerability has been resolved: af_unix: Initialise scc_index in unix_add_edge(). Quang Le reported that the AF_UNIX GC could garbage-collect a receive queue of an alive in-flight socket, with a nice repro. The repro consists of three stages. 1) 1-a. Create a single cyclic reference with many sockets 1-b. close() all sockets 1-c. Trigger GC 2) 2-a. Pass sk-A to an embryo sk-B 2-b. Pass sk-X to sk-X 2-c. Trigger GC 3) 3-a. accept() the embryo sk-B 3-b. Pa

Affected Packages6 packages

Linuxlinux/linux_kernel6.2.06.6.117+3
Debianlinux/linux_kernel< 6.1.159-1+2
Ubuntulinux/linux_kernel< 6.17.0-12.12
CVEListV5linux/linuxadfb68b39b39767d6bfb53e48c4f19c18376568620003fbb9174121b27bd1da6ebe61542ac4c327d+5
debiandebian/linux< linux 6.1.159-1 (bookworm)

🔴Vulnerability Details

4
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-oem-6.17, linux-oracle, linux-raspi, linux-realtime vulnerabilities2026-02-04
OSV
CVE-2025-40214: In the Linux kernel, the following vulnerability has been resolved: af_unix: Initialise scc_index in unix_add_edge()2025-12-04
GHSA
GHSA-g3xr-84mj-fvx6: In the Linux kernel, the following vulnerability has been resolved: af_unix: Initialise scc_index in unix_add_edge()2025-12-04
OSV
af_unix: Initialise scc_index in unix_add_edge().2025-12-04

📋Vendor Advisories

4
Ubuntu
Kernel Live Patch Security Notice2026-03-04
Ubuntu
Linux kernel vulnerabilities2026-02-04
Red Hat
kernel: af_unix: Initialise scc_index in unix_add_edge()2025-12-04
Debian
CVE-2025-40214: linux - In the Linux kernel, the following vulnerability has been resolved: af_unix: In...2025