[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-40040":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":19,"duplicate_of":9,"upstream":20,"downstream":21,"duplicates":110,"related":111,"reserved_at":9,"published_at":137,"modified_at":138,"state":139,"summary":140,"references_raw":149,"kevs":184,"epss":185,"epss_history":188,"metrics":463,"affected":469},"CVE-2025-40040","In the Linux kernel, the following vulnerability has been resolved:\n\nmm/ksm: fix flag-dropping behavior in ksm_madvise\n\nsyzkaller discovered the following crash: (kernel BUG)\n\n[   44.607039] ------------[ cut here ]------------\n[   44.607422] kernel BUG at mm/userfaultfd.c:2067!\n[   44.608148] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI\n[   44.608814] CPU: 1 UID: 0 PID: 2475 Comm: reproducer Not tainted 6.16.0-rc6 #1 PREEMPT(none)\n[   44.609635] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[   44.610695] RIP: 0010:userfaultfd_release_all+0x3a8/0x460\n\n\u003Csnip other registers, drop unreliable trace>\n\n[   44.617726] Call Trace:\n[   44.617926]  \u003CTASK>\n[   44.619284]  userfaultfd_release+0xef/0x1b0\n[   44.620976]  __fput+0x3f9/0xb60\n[   44.621240]  fput_close_sync+0x110/0x210\n[   44.622222]  __x64_sys_close+0x8f/0x120\n[   44.622530]  do_syscall_64+0x5b/0x2f0\n[   44.622840]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[   44.623244] RIP: 0033:0x7f365bb3f227\n\nKernel panics because it detects UFFD inconsistency during\nuserfaultfd_release_all().  Specifically, a VMA which has a valid pointer\nto vma->vm_userfaultfd_ctx, but no UFFD flags in vma->vm_flags.\n\nThe inconsistency is caused in ksm_madvise(): when user calls madvise()\nwith MADV_UNMEARGEABLE on a VMA that is registered for UFFD in MINOR mode,\nit accidentally clears all flags stored in the upper 32 bits of\nvma->vm_flags.\n\nAssuming x86_64 kernel build, unsigned long is 64-bit and unsigned int and\nint are 32-bit wide.  This setup causes the following mishap during the &=\n~VM_MERGEABLE assignment.\n\nVM_MERGEABLE is a 32-bit constant of type unsigned int, 0x8000'0000. \nAfter ~ is applied, it becomes 0x7fff'ffff unsigned int, which is then\npromoted to unsigned long before the & operation.  This promotion fills\nupper 32 bits with leading 0s, as we're doing unsigned conversion (and\neven for a signed conversion, this wouldn't help as the leading bit is 0).\n& operation thus ends up AND-ing vm_flags with 0x0000'0000'7fff'ffff\ninstead of intended 0xffff'ffff'7fff'ffff and hence accidentally clears\nthe upper 32-bits of its value.\n\nFix it by changing `VM_MERGEABLE` constant to unsigned long, using the\nBIT() macro.\n\nNote: other VM_* flags are not affected: This only happens to the\nVM_MERGEABLE flag, as the other VM_* flags are all constants of type int\nand after ~ operation, they end up with leading 1 and are thus converted\nto unsigned long with leading 1s.\n\nNote 2:\nAfter commit 31defc3b01d9 (\"userfaultfd: remove (VM_)BUG_ON()s\"), this is\nno longer a kernel BUG, but a WARNING at the same place:\n\n[   45.595973] WARNING: CPU: 1 PID: 2474 at mm/userfaultfd.c:2067\n\nbut the root-cause (flag-drop) remains the same.\n\n[akpm@linux-foundation.org: rust bindgen wasn't able to handle BIT(), from Miguel]",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[],[],[],[22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108],{"_key":23},"DLA-4379-1",{"_key":25},"DSA-6053-1",{"_key":27},"SUSE-SU-2025:4506-1",{"_key":29},"SUSE-SU-2026:0032-1",{"_key":31},"SUSE-SU-2026:0033-1",{"_key":33},"SUSE-SU-2026:0034-1",{"_key":35},"SUSE-SU-2025:4505-1",{"_key":37},"OPENSUSE-SU-2026:10301-1",{"_key":39},"SUSE-SU-2025:21080-1",{"_key":41},"SUSE-SU-2025:21147-1",{"_key":43},"SUSE-SU-2025:21180-1",{"_key":45},"SUSE-SU-2025:4393-1",{"_key":47},"SUSE-SU-2025:4515-1",{"_key":49},"SUSE-SU-2025:4516-1",{"_key":51},"SUSE-SU-2025:4517-1",{"_key":53},"SUSE-SU-2025:4530-1",{"_key":55},"SUSE-SU-2026:0029-1",{"_key":57},"SUSE-SU-2026:20039-1",{"_key":59},"SUSE-SU-2026:20059-1",{"_key":61},"SUSE-SU-2026:20473-1",{"_key":63},"SUSE-SU-2026:20496-1",{"_key":65},"SUSE-SU-2025:4422-1",{"_key":67},"SUSE-SU-2025:4521-1",{"_key":69},"OPENSUSE-SU-2025:15702-1",{"_key":71},"OPENSUSE-SU-2025:20091-1",{"_key":73},"MGASA-2025-0309",{"_key":75},"MGASA-2025-0310",{"_key":77},"USN-8029-1",{"_key":79},"USN-8029-2",{"_key":81},"USN-8029-3",{"_key":83},"USN-8030-1",{"_key":85},"DEBIAN-CVE-2025-40040",{"_key":87},"USN-8096-1",{"_key":89},"USN-8096-2",{"_key":91},"USN-8096-3",{"_key":93},"USN-8096-4",{"_key":95},"USN-8096-5",{"_key":97},"USN-8116-1",{"_key":99},"USN-8141-1",{"_key":101},"USN-8163-1",{"_key":103},"USN-8163-2",{"_key":105},"USN-8243-1",{"_key":107},"UBUNTU-CVE-2025-40040",{"_key":109},"USN-8048-1",[],[112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136],{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":75},"2025-10-28T11:48:20.395Z","2026-05-11T21:41:19.151Z","Analyzed",{"cisa_kev":141,"cisa_ransomware":141,"cisa_vendor":9,"epss_severity":142,"epss_score":143,"severity":144,"severity_score":145,"severity_version":146,"severity_source":147,"severity_vector":148,"severity_status":139},false,"low",0.00013,"medium",5.5,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",[150,156,160,164,168,172,176,180],{"url":151,"sources":152,"tags":154},"https://git.kernel.org/stable/c/850f1ea245bdc0ce6a3fd36bfb80d8cf9647cb71",[153,147],"cve.org",[155],"Patch",{"url":157,"sources":158,"tags":159},"https://git.kernel.org/stable/c/788e5385d0ff69cdba1cabccb9dab8d9647b9239",[153,147],[155],{"url":161,"sources":162,"tags":163},"https://git.kernel.org/stable/c/b69f19244c2b6475c8a6eb72f0fb0d53509e48cd",[153,147],[155],{"url":165,"sources":166,"tags":167},"https://git.kernel.org/stable/c/41cb9fd904fe0c39d52e82dd84dc3c96b7aa9693",[153,147],[155],{"url":169,"sources":170,"tags":171},"https://git.kernel.org/stable/c/92b82e232b8d8b116ac6e57aeae7a6033db92c60",[153,147],[155],{"url":173,"sources":174,"tags":175},"https://git.kernel.org/stable/c/ac50c6e0a8f91a02b681af81abb2362fbb67cc18",[153,147],[155],{"url":177,"sources":178,"tags":179},"https://git.kernel.org/stable/c/76385629f45740b7888f8fcd83bde955b10f61fe",[153,147],[155],{"url":181,"sources":182,"tags":183},"https://git.kernel.org/stable/c/f04aad36a07cc17b7a5d5b9a2d386ce6fae63e93",[153,147],[155],[],{"date":186,"score":143,"percentile":187},"2026-06-04",0.02359,[189,193,196,199,202,205,208,211,214,217,220,223,226,229,232,235,238,241,244,247,250,253,256,260,263,266,270,273,276,279,282,285,288,291,295,298,301,304,307,310,313,316,319,322,325,328,331,334,337,341,344,347,350,353,356,359,361,364,367,370,373,376,380,383,386,389,392,395,398,401,404,407,410,412,415,418,421,424,427,430,433,436,439,442,445,448,451,454,457,460],{"date":190,"score":191,"percentile":192},"2025-11-04",0.00024,0.04944,{"date":194,"score":191,"percentile":195},"2025-11-05",0.04947,{"date":197,"score":191,"percentile":198},"2025-11-06",0.05061,{"date":200,"score":191,"percentile":201},"2025-11-07",0.05067,{"date":203,"score":191,"percentile":204},"2025-11-08",0.05062,{"date":206,"score":191,"percentile":207},"2025-11-09",0.05066,{"date":209,"score":191,"percentile":210},"2025-11-10",0.05044,{"date":212,"score":191,"percentile":213},"2025-11-11",0.05082,{"date":215,"score":191,"percentile":216},"2025-11-12",0.05087,{"date":218,"score":191,"percentile":219},"2025-11-13",0.05114,{"date":221,"score":191,"percentile":222},"2025-11-14",0.05151,{"date":224,"score":191,"percentile":225},"2025-11-15",0.05175,{"date":227,"score":191,"percentile":228},"2025-11-16",0.0519,{"date":230,"score":191,"percentile":231},"2025-11-17",0.05185,{"date":233,"score":191,"percentile":234},"2025-11-18",0.03061,{"date":236,"score":191,"percentile":237},"2025-11-19",0.03112,{"date":239,"score":191,"percentile":240},"2025-11-20",0.03176,{"date":242,"score":191,"percentile":243},"2025-11-21",0.05234,{"date":245,"score":191,"percentile":246},"2025-11-22",0.05227,{"date":248,"score":191,"percentile":249},"2025-11-23",0.05213,{"date":251,"score":191,"percentile":252},"2025-11-24",0.05195,{"date":254,"score":191,"percentile":255},"2025-11-25",0.05207,{"date":257,"score":258,"percentile":259},"2025-11-26",0.00041,0.12121,{"date":261,"score":258,"percentile":262},"2025-11-27",0.12128,{"date":264,"score":258,"percentile":265},"2025-11-28",0.12122,{"date":267,"score":268,"percentile":269},"2025-11-29",0.00045,0.13367,{"date":271,"score":268,"percentile":272},"2025-11-30",0.13374,{"date":274,"score":268,"percentile":275},"2025-12-01",0.13412,{"date":277,"score":268,"percentile":278},"2025-12-02",0.13431,{"date":280,"score":268,"percentile":281},"2025-12-03",0.13452,{"date":283,"score":268,"percentile":284},"2025-12-04",0.13423,{"date":286,"score":268,"percentile":287},"2025-12-05",0.13496,{"date":289,"score":268,"percentile":290},"2025-12-06",0.13512,{"date":292,"score":293,"percentile":294},"2025-12-07",0.00061,0.18866,{"date":296,"score":293,"percentile":297},"2025-12-08",0.18884,{"date":299,"score":293,"percentile":300},"2025-12-09",0.18951,{"date":302,"score":293,"percentile":303},"2025-12-10",0.19028,{"date":305,"score":293,"percentile":306},"2025-12-11",0.19069,{"date":308,"score":293,"percentile":309},"2025-12-12",0.191,{"date":311,"score":293,"percentile":312},"2025-12-13",0.19112,{"date":314,"score":293,"percentile":315},"2025-12-14",0.19062,{"date":317,"score":293,"percentile":318},"2025-12-15",0.19044,{"date":320,"score":293,"percentile":321},"2025-12-16",0.1908,{"date":323,"score":293,"percentile":324},"2025-12-17",0.19163,{"date":326,"score":293,"percentile":327},"2025-12-18",0.19252,{"date":329,"score":293,"percentile":330},"2025-12-19",0.19273,{"date":332,"score":293,"percentile":333},"2025-12-20",0.19247,{"date":335,"score":293,"percentile":336},"2025-12-21",0.19209,{"date":338,"score":339,"percentile":340},"2025-12-22",0.00051,0.1588,{"date":342,"score":339,"percentile":343},"2025-12-23",0.15864,{"date":345,"score":339,"percentile":346},"2025-12-24",0.15873,{"date":348,"score":339,"percentile":349},"2025-12-25",0.1595,{"date":351,"score":339,"percentile":352},"2025-12-26",0.15944,{"date":354,"score":339,"percentile":355},"2025-12-27",0.15956,{"date":357,"score":339,"percentile":358},"2025-12-28",0.15912,{"date":360,"score":339,"percentile":340},"2025-12-29",{"date":362,"score":339,"percentile":363},"2025-12-30",0.15891,{"date":365,"score":339,"percentile":366},"2025-12-31",0.15958,{"date":368,"score":339,"percentile":369},"2026-01-01",0.16063,{"date":371,"score":339,"percentile":372},"2026-01-02",0.16054,{"date":374,"score":339,"percentile":375},"2026-01-03",0.16032,{"date":377,"score":378,"percentile":379},"2026-01-04",0.00053,0.16742,{"date":381,"score":378,"percentile":382},"2026-01-05",0.16703,{"date":384,"score":378,"percentile":385},"2026-01-06",0.16718,{"date":387,"score":378,"percentile":388},"2026-01-07",0.16755,{"date":390,"score":378,"percentile":391},"2026-01-08",0.16814,{"date":393,"score":378,"percentile":394},"2026-01-09",0.16821,{"date":396,"score":378,"percentile":397},"2026-01-10",0.16838,{"date":399,"score":378,"percentile":400},"2026-01-11",0.16804,{"date":402,"score":378,"percentile":403},"2026-01-12",0.16765,{"date":405,"score":378,"percentile":406},"2026-01-13",0.16747,{"date":408,"score":378,"percentile":409},"2026-01-14",0.16805,{"date":411,"score":378,"percentile":409},"2026-01-15",{"date":413,"score":378,"percentile":414},"2026-01-16",0.16851,{"date":416,"score":378,"percentile":417},"2026-01-17",0.16859,{"date":419,"score":378,"percentile":420},"2026-01-18",0.16801,{"date":422,"score":378,"percentile":423},"2026-01-19",0.16752,{"date":425,"score":378,"percentile":426},"2026-01-20",0.16724,{"date":428,"score":378,"percentile":429},"2026-01-21",0.16702,{"date":431,"score":378,"percentile":432},"2026-01-22",0.16639,{"date":434,"score":378,"percentile":435},"2026-01-23",0.16717,{"date":437,"score":378,"percentile":438},"2026-01-24",0.16743,{"date":440,"score":378,"percentile":441},"2026-01-25",0.16675,{"date":443,"score":378,"percentile":444},"2026-01-26",0.16572,{"date":446,"score":378,"percentile":447},"2026-01-27",0.16562,{"date":449,"score":378,"percentile":450},"2026-01-28",0.16571,{"date":452,"score":378,"percentile":453},"2026-01-29",0.16543,{"date":455,"score":378,"percentile":456},"2026-01-30",0.16552,{"date":458,"score":378,"percentile":459},"2026-01-31",0.16567,{"date":461,"score":378,"percentile":462},"2026-02-01",0.16587,[464],{"source":147,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":465,"cvss_v4_0":9},{"baseScore":145,"baseSeverity":466,"vectorString":148,"impactScore":467,"exploitabilityScore":468},"MEDIUM",6,4.6,[470,505],{"ecosystem":9,"name":471,"vendor":472,"product":472,"cpe_part":473,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":474},"Linux","linux","a",[475,482,485,488,491,494,497,500,503],{"version":476,"is_range":477,"range_type":153,"version_start":478,"version_start_type":479,"version_end":480,"version_end_type":481,"fixed_in":9},">= 63c17fb8e5a46a16e10e82005748837fd11a2024, \u003C 850f1ea245bdc0ce6a3fd36bfb80d8cf9647cb71",true,"63c17fb8e5a46a16e10e82005748837fd11a2024","including","850f1ea245bdc0ce6a3fd36bfb80d8cf9647cb71","excluding",{"version":483,"is_range":477,"range_type":153,"version_start":478,"version_start_type":479,"version_end":484,"version_end_type":481,"fixed_in":9},">= 63c17fb8e5a46a16e10e82005748837fd11a2024, \u003C 788e5385d0ff69cdba1cabccb9dab8d9647b9239","788e5385d0ff69cdba1cabccb9dab8d9647b9239",{"version":486,"is_range":477,"range_type":153,"version_start":478,"version_start_type":479,"version_end":487,"version_end_type":481,"fixed_in":9},">= 63c17fb8e5a46a16e10e82005748837fd11a2024, \u003C b69f19244c2b6475c8a6eb72f0fb0d53509e48cd","b69f19244c2b6475c8a6eb72f0fb0d53509e48cd",{"version":489,"is_range":477,"range_type":153,"version_start":478,"version_start_type":479,"version_end":490,"version_end_type":481,"fixed_in":9},">= 63c17fb8e5a46a16e10e82005748837fd11a2024, \u003C 41cb9fd904fe0c39d52e82dd84dc3c96b7aa9693","41cb9fd904fe0c39d52e82dd84dc3c96b7aa9693",{"version":492,"is_range":477,"range_type":153,"version_start":478,"version_start_type":479,"version_end":493,"version_end_type":481,"fixed_in":9},">= 63c17fb8e5a46a16e10e82005748837fd11a2024, \u003C 92b82e232b8d8b116ac6e57aeae7a6033db92c60","92b82e232b8d8b116ac6e57aeae7a6033db92c60",{"version":495,"is_range":477,"range_type":153,"version_start":478,"version_start_type":479,"version_end":496,"version_end_type":481,"fixed_in":9},">= 63c17fb8e5a46a16e10e82005748837fd11a2024, \u003C ac50c6e0a8f91a02b681af81abb2362fbb67cc18","ac50c6e0a8f91a02b681af81abb2362fbb67cc18",{"version":498,"is_range":477,"range_type":153,"version_start":478,"version_start_type":479,"version_end":499,"version_end_type":481,"fixed_in":9},">= 63c17fb8e5a46a16e10e82005748837fd11a2024, \u003C 76385629f45740b7888f8fcd83bde955b10f61fe","76385629f45740b7888f8fcd83bde955b10f61fe",{"version":501,"is_range":477,"range_type":153,"version_start":478,"version_start_type":479,"version_end":502,"version_end_type":481,"fixed_in":9},">= 63c17fb8e5a46a16e10e82005748837fd11a2024, \u003C f04aad36a07cc17b7a5d5b9a2d386ce6fae63e93","f04aad36a07cc17b7a5d5b9a2d386ce6fae63e93",{"version":504,"is_range":141,"range_type":153,"version_start":504,"version_start_type":479,"version_end":504,"version_end_type":479,"fixed_in":9},"4.6",{"ecosystem":9,"name":506,"vendor":472,"product":507,"cpe_part":508,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":509},"linux kernel","linux_kernel","o",[510,514,518,522,526,530,534],{"version":511,"is_range":477,"range_type":512,"version_start":504,"version_start_type":479,"version_end":513,"version_end_type":481,"fixed_in":9},"gte4.6_lt5.4.302","cpe","5.4.302",{"version":515,"is_range":477,"range_type":512,"version_start":516,"version_start_type":479,"version_end":517,"version_end_type":481,"fixed_in":9},"gte5.5_lt5.10.247","5.5","5.10.247",{"version":519,"is_range":477,"range_type":512,"version_start":520,"version_start_type":479,"version_end":521,"version_end_type":481,"fixed_in":9},"gte5.11_lt5.15.197","5.11","5.15.197",{"version":523,"is_range":477,"range_type":512,"version_start":524,"version_start_type":479,"version_end":525,"version_end_type":481,"fixed_in":9},"gte5.16_lt6.1.158","5.16","6.1.158",{"version":527,"is_range":477,"range_type":512,"version_start":528,"version_start_type":479,"version_end":529,"version_end_type":481,"fixed_in":9},"gte6.2_lt6.6.114","6.2","6.6.114",{"version":531,"is_range":477,"range_type":512,"version_start":532,"version_start_type":479,"version_end":533,"version_end_type":481,"fixed_in":9},"gte6.7_lt6.12.55","6.7","6.12.55",{"version":535,"is_range":477,"range_type":512,"version_start":536,"version_start_type":479,"version_end":537,"version_end_type":481,"fixed_in":9},"gte6.13_lt6.17.3","6.13","6.17.3"]