VYPR
Unrated severityNVD Advisory· Published Oct 24, 2025· Updated Apr 15, 2026

CVE-2025-40024

CVE-2025-40024

Description

In the Linux kernel, the following vulnerability has been resolved:

vhost: Take a reference on the task in struct vhost_task.

vhost_task_create() creates a task and keeps a reference to its task_struct. That task may exit early via a signal and its task_struct will be released. A pending vhost_task_wake() will then attempt to wake the task and access a task_struct which is no longer there.

Acquire a reference on the task_struct while creating the thread and release the reference while the struct vhost_task itself is removed. If the task exits early due to a signal, then the vhost_task_wake() will still access a valid task_struct. The wake is safe and will be skipped in this case.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

100

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.