{"id":"CVE-2025-40319","summary":"bpf: Sync pending IRQ work before freeing ring buffer","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Sync pending IRQ work before freeing ring buffer\n\nFix a race where irq_work can be queued in bpf_ringbuf_commit()\nbut the ring buffer is freed before the work executes.\nIn the syzbot reproducer, a BPF program attached to sched_switch\ntriggers bpf_ringbuf_commit(), queuing an irq_work. If the ring buffer\nis freed before this work executes, the irq_work thread may accesses\nfreed memory.\nCalling `irq_work_sync(&rb-\u003ework)` ensures that all pending irq_work\ncomplete before freeing the buffer.","modified":"2026-03-31T17:29:41.634248Z","published":"2025-12-08T00:46:46.448Z","related":["MGASA-2026-0017","MGASA-2026-0018","SUSE-SU-2026:0278-1","SUSE-SU-2026:0281-1","SUSE-SU-2026:0315-1","SUSE-SU-2026:20207-1","SUSE-SU-2026:20220-1","SUSE-SU-2026:20228-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","openSUSE-SU-2026:20145-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40319.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/10ca3b2eec384628bc9f5d8190aed9427ad2dde6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/430e15544f11f8de26b2b5109c7152f71b78295e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/47626748a2a00068dbbd5836d19076637b4e235b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4e9077638301816a7d73fa1e1b4c1db4a7e3b59c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6451141103547f4efd774e912418a3b4318046c6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/de2ce6b14bc3e565708a39bdba3ef9162aeffc72"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e1828c7a8d8135e21ff6adaaa9458c32aae13b11"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40319.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40319"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"457f44363a8894135c85b7a9afd2bd8196db24ab"},{"fixed":"47626748a2a00068dbbd5836d19076637b4e235b"},{"fixed":"de2ce6b14bc3e565708a39bdba3ef9162aeffc72"},{"fixed":"e1828c7a8d8135e21ff6adaaa9458c32aae13b11"},{"fixed":"6451141103547f4efd774e912418a3b4318046c6"},{"fixed":"10ca3b2eec384628bc9f5d8190aed9427ad2dde6"},{"fixed":"430e15544f11f8de26b2b5109c7152f71b78295e"},{"fixed":"4e9077638301816a7d73fa1e1b4c1db4a7e3b59c"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40319.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.8.0"},{"fixed":"5.10.247"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.197"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.159"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.117"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.58"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.8"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40319.json"}}],"schema_version":"1.7.5"}