Unrated severity · NVD Advisory · Published Dec 4, 2025 · Updated Apr 15, 2026

CVE-2025-40232

Description

In the Linux kernel, the following vulnerability has been resolved:

rv: Fully convert enabled_monitors to use list_head as iterator

The callbacks in enabled_monitors_seq_ops are inconsistent. Some treat the iterator as struct rv_monitor *, while others treat the iterator as struct list_head *.

This causes a wrong type cast and crashes the system as reported by Nathan.

Convert everything to use struct list_head * as iterator. This also makes enabled_monitors consistent with available_monitors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel rv subsystem bug caused system crash by inconsistent iterator types in enabled_monitors_seq_ops; fixed by converting to list_head.

Vulnerability

In the Linux kernel's runtime verification (rv) subsystem, the enabled_monitors_seq_ops callbacks were inconsistent: some treated the iterator as struct rv_monitor *, while others treated it as struct list_head *. This type mismatch led to a wrong cast and caused a system crash, as reported by Nathan.

Exploitation

The bug is triggered when reading the enabled_monitors file through the seq_file interface. An attacker with local access can trigger the crash by reading this file, leading to a denial-of-service condition. No authentication is required beyond local user access.

Impact

Successful exploitation results in a system crash (kernel panic), causing denial of service for all users on the affected system.

Mitigation

The vulnerability is fixed in the Linux kernel by commit 103541e6a5854b08a25e4caa61e990af1009a52e, which converts all iterator usage to struct list_head *, making it consistent with available_monitors. Users should apply the stable kernel update containing this fix [1].
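The consistent-iterator pattern the fix describes, as an added userspace C model (not the kernel patch and not code from this advisory). `struct monitor`, the `enabled_*` helpers and the sample monitor names are hypothetical, and the seq_file position argument is left out.

```c
/* Userspace model of the fixed iterator pattern; hypothetical names, not kernel code. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
struct list_head { struct list_head *next, *prev; };
struct monitor {                 /* stand-in for struct rv_monitor */
    const char *name;
    int enabled;
    struct list_head list;       /* not the first member: a raw cast misreads it */
};
#define container_of(p, type, member) \
    ((type *)((char *)(p) - offsetof(type, member)))
/* Constructed sample data: a circular list of three monitors, two enabled. */
static struct monitor s[3];
static struct list_head monitors = { &s[0].list, &s[2].list };
static struct monitor s[3] = {
    { "mon_a", 1, { &s[1].list, &monitors } },
    { "mon_b", 0, { &s[2].list, &s[0].list } },
    { "mon_c", 1, { &monitors, &s[1].list } },
};

/* Every callback takes and returns struct list_head *; the monitor is
 * reached only through container_of(), never by casting the iterator. */
static struct list_head *enabled_next(struct list_head *pos)
{
    for (pos = pos->next; pos != &monitors; pos = pos->next)
        if (container_of(pos, struct monitor, list)->enabled)
            return pos;
    return NULL;                 /* end of sequence */
}
static struct list_head *enabled_start(void) { return enabled_next(&monitors); }
static const char *enabled_show(struct list_head *pos)
{
    return container_of(pos, struct monitor, list)->name;
}
static size_t dump_enabled(char *out, size_t len)   /* models one read */
{
    size_t n = 0;
    out[0] = '\0';
    for (struct list_head *p = enabled_start(); p; p = enabled_next(p), n++)
        snprintf(out + strlen(out), len - strlen(out), "%s%s",
                 n ? "," : "", enabled_show(p));
    return n;
}
int main(void)
{
    char buf[64];
    printf("%zu enabled: %s\n", dump_enabled(buf, sizeof buf), buf);
    return 0;
}
```

Because `list` sits at a non-zero offset inside `struct monitor`, a callback that treated the iterator as the monitor itself would read `name` from the wrong address, which is the kind of wrong cast the description refers to.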

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
