What is CVE-2025-40231?

CVE-2025-40231 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.10.240 onward and patched in 5.10.246, 5.15.196, 6.1.158 and others. CVE-2025-40231 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-40231?

CVE-2025-40231 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-40231?

Yes, CVE-2025-40231 has been patched. Fixed versions include 5.10.246, 5.15.196, 6.1.158 and others. If you are running Linux kernel 5.10.240 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-40231 actively exploited?

CVE-2025-40231 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-40231

In the Linux kernel, the following vulnerability has been resolved: vsock: fix lock inversion in vsock_assign_transport() Syzbot reported a potential lock inversion deadlock between vsock_register_mutex and sk_lock-AF_VSOCK when vsock_linger() is called. The issue was introduced by commit 687aa0c5581b ("vsock: Fix transport_* TOCTOU") which added vsock_register_mutex locking in vsock_assign_transport() around the transport->release() call, that can call vsock_linger(). vsock_assign_transport() can be called with sk_lock held. vsock_linger() calls sk_wait_event() that temporarily releases and re-acquires sk_lock. During this window, if another thread hold vsock_register_mutex while trying to acquire sk_lock, a circular dependency is created. Fix this by releasing vsock_register_mutex before calling transport->release() and vsock_deassign_transport(). This is safe because we don't need to hold vsock_register_mutex while releasing the old transport, and we ensure the new transport won't disappear by obtaining a module reference first via try_module_get().

Package Linux Kernel

Published 2025-12-04

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 5.10.240, 5.15.189, 6.1.146, 6.6.99, 6.12.39, 6.15.7, 6.16 and later are affected. Fixed in 5.10.246, 5.15.196, 6.1.158, 6.6.115, 6.12.56, 6.17.6, 6.18 and their respective stable series.

Affected from

≥ 5.10.240 ≥ 5.15.189 ≥ 6.1.146 ≥ 6.6.99 ≥ 6.12.39 ≥ 6.15.7 ≥ 6.16

Fixed in

✓ 5.10.246 5.10.x ✓ 5.15.196 5.15.x ✓ 6.1.158 6.1.x ✓ 6.6.115 6.6.x ✓ 6.12.56 6.12.x ✓ 6.17.6 6.17.x ✓ 6.18

References

The following references provide additional information about CVE-2025-40231 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/09bba278ccde25a14b6e5088a9e65a8717d0cccf
Patch
Kernel patch commit
https://git.kernel.org/stable/c/251caee792a21eb0b781aab91362b422c945e162
Patch
Kernel patch commit
https://git.kernel.org/stable/c/42ed0784d11adebf748711e503af0eb9f1e6d81d
Patch

7 patch commits total View all on NVD

Frequently asked questions

What is CVE-2025-40231?

CVE-2025-40231 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.10.240 onward and has been patched in 5.10.246, 5.15.196, 6.1.158 and others. CVE-2025-40231 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-40231?

Yes — CVE-2025-40231 has been patched. Fixed versions include 5.10.246, 5.15.196, 6.1.158 and others. If you are running Linux kernel 5.10.240 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-40231 actively exploited?

No — CVE-2025-40231 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.