CVE-2025-40272
In the Linux kernel, the following vulnerability has been resolved:

mm/secretmem: fix use-after-free race in fault handler

When a page fault occurs in a secret memory file created with `memfd_secret(2)`, the kernel will allocate a new folio for it, mark the underlying page as not-present in the direct map, and add it to the file mapping.

If two tasks cause a fault in the same page concurrently, both could end up allocating a folio and removing the page from the direct map, but only one would succeed in adding the folio to the file mapping. The task that failed undoes the effects of its attempt by (a) freeing the folio again and (b) putting the page back into the direct map. However, by doing these two operations in this order, the page becomes available to the allocator again before it is placed back in the direct mapping.

If another task attempts to allocate the page between (a) and (b), and the kernel tries to access it via the direct map, it would result in a supervisor not-present page fault.

Fix the ordering to restore the direct map before the folio is freed.
Affected versions
Linux kernel versions 5.14 and later are affected. Fixed in 5.15.197, 6.1.159, 6.6.117, 6.12.59, 6.17.9, 6.18 and their respective stable series.
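As an added example (not from the kernel project or this page's source), the following Python check classifies a `uname -r` string against the affected and fixed versions listed above. The function names and result labels are assumptions of this example; it compares upstream version numbers only, so a distribution kernel that backports the fix under an older version string will still be reported as affected.

```python
import platform
import re

# Values taken from this page: first affected release and fixed release per stable series.
FIRST_AFFECTED = (5, 14)
FIXED = {(5, 15): 197, (6, 1): 159, (6, 6): 117, (6, 12): 59, (6, 17): 9}
FIXED_MAINLINE = (6, 18)  # 6.18 and every later series carry the fix


def parse_release(release):
    """Extract (major, minor, patch) from a `uname -r` style string."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(release):
    """Return 'not-affected', 'fixed', 'affected', 'affected-no-fix-listed' or 'unknown'."""
    major, minor, patch = parse_release(release)
    series = (major, minor)
    if series < FIRST_AFFECTED:
        return "not-affected"  # predates 5.14
    if series == FIXED_MAINLINE and re.search(r"-rc\d+", release):
        # A 6.18 release candidate may predate the fix; the page does not say which.
        return "unknown"
    if series >= FIXED_MAINLINE:
        return "fixed"
    if series in FIXED:
        return "fixed" if patch >= FIXED[series] else "affected"
    # Series inside the affected range for which this page lists no fixed release.
    return "affected-no-fix-listed"


if __name__ == "__main__":
    rel = platform.release()
    print(f"{rel}: {classify(rel)}")
```

A result of `affected-no-fix-listed` means the series falls between 5.14 and 6.18 but has no fixed release on this page, so the remedy is to move to a series that does.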
References
The following references provide additional information about CVE-2025-40272 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
- Patch: Kernel patch commit: https://git.kernel.org/stable/c/1e4643d6628edf9c0047b1f8f5bc574665025acb
- Patch: Kernel patch commit: https://git.kernel.org/stable/c/42d486d35a4143cc37fc72ee66edc99d942dd367
- Patch: Kernel patch commit: https://git.kernel.org/stable/c/4444767e625da46009fc94a453fd1967b80ba047
Frequently asked questions
- What is CVE-2025-40272?
  CVE-2025-40272 is a Linux kernel vulnerability whose severity has not been scored. It affects Linux kernel versions from 5.14 onward and has been patched in 5.15.197, 6.1.159, 6.6.117 and others. CVE-2025-40272 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2025-40272?
  Yes. CVE-2025-40272 has been patched. Fixed versions include 5.15.197, 6.1.159, 6.6.117 and others. If you are running a Linux kernel from 5.14 up to, but not including, the fixed version for your branch, apply the relevant patch for your kernel branch.
- Is CVE-2025-40272 actively exploited?
  No. CVE-2025-40272 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.