CVE-2025-40319
bpf: Sync pending IRQ work before freeing ring buffer
Description
In the Linux kernel, the following vulnerability has been resolved: bpf: Sync pending IRQ work before freeing ring buffer Fix a race where irq_work can be queued in bpf_ringbuf_commit() but the ring buffer is freed before the work executes. In the syzbot reproducer, a BPF program attached to sched_switch triggers bpf_ringbuf_commit(), queuing an irq_work. If the ring buffer is freed before this work executes, the irq_work thread may accesses freed memory. Calling `irq_work_sync(&rb->work)` ensures that all pending irq_work complete before freeing the buffer.
INFO
Published Date :
Dec. 8, 2025, 1:16 a.m.
Last Modified :
Dec. 8, 2025, 1:16 a.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
- Sync pending IRQ work before freeing the ring buffer.
- Apply the kernel patch to fix the race condition.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-40319.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-40319 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-40319
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-40319 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2025-40319 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Dec. 08, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: bpf: Sync pending IRQ work before freeing ring buffer Fix a race where irq_work can be queued in bpf_ringbuf_commit() but the ring buffer is freed before the work executes. In the syzbot reproducer, a BPF program attached to sched_switch triggers bpf_ringbuf_commit(), queuing an irq_work. If the ring buffer is freed before this work executes, the irq_work thread may accesses freed memory. Calling `irq_work_sync(&rb->work)` ensures that all pending irq_work complete before freeing the buffer. Added Reference https://git.kernel.org/stable/c/10ca3b2eec384628bc9f5d8190aed9427ad2dde6 Added Reference https://git.kernel.org/stable/c/430e15544f11f8de26b2b5109c7152f71b78295e Added Reference https://git.kernel.org/stable/c/47626748a2a00068dbbd5836d19076637b4e235b Added Reference https://git.kernel.org/stable/c/4e9077638301816a7d73fa1e1b4c1db4a7e3b59c Added Reference https://git.kernel.org/stable/c/6451141103547f4efd774e912418a3b4318046c6 Added Reference https://git.kernel.org/stable/c/de2ce6b14bc3e565708a39bdba3ef9162aeffc72 Added Reference https://git.kernel.org/stable/c/e1828c7a8d8135e21ff6adaaa9458c32aae13b11