CVE-2025-40195

Vulnerability

Overview

CVE-2025-40195 is a NULL pointer dereference vulnerability in the Linux kernel's mount subsystem. The issue occurs in the mnt_ns_release() function, which is called during the listmount() operation. When listmount() is invoked, it may pass a NULL pointer to mnt_ns_release(), and the function did not properly handle this case, leading to a potential crash [1].

Exploitation

The vulnerability can be triggered by a local user with the ability to call the listmount() system call. No special privileges are required beyond the ability to execute the syscall. The attack surface is limited to local exploitation, as the listmount() operation is a kernel interface accessible to user-space processes [1].

Impact

If successfully exploited, an attacker could cause a denial of service (DoS) by crashing the kernel due to the NULL pointer dereference. This would result in system instability or a complete system hang, requiring a reboot to restore normal operation. There is no indication of privilege escalation or data corruption from this vulnerability [1].

Mitigation

The fix has been applied in the Linux kernel stable tree via commit 2d68f8a7379d9c61005e982600c61948d4d019bd. Users are advised to update their kernel to a version containing this patch. No workarounds are documented, and the vulnerability is not known to be exploited in the wild or listed in CISA's Known Exploited Vulnerabilities catalog.