[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-40214":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":14,"duplicates":59,"related":60,"reserved_at":9,"published_at":79,"modified_at":80,"state":81,"summary":82,"references_raw":86,"kevs":113,"epss":114,"epss_history":117,"metrics":393,"affected":394},"CVE-2025-40214","In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Initialise scc_index in unix_add_edge().\n\nQuang Le reported that the AF_UNIX GC could garbage-collect a\nreceive queue of an alive in-flight socket, with a nice repro.\n\nThe repro consists of three stages.\n\n  1)\n    1-a. Create a single cyclic reference with many sockets\n    1-b. close() all sockets\n    1-c. Trigger GC\n\n  2)\n    2-a. Pass sk-A to an embryo sk-B\n    2-b. Pass sk-X to sk-X\n    2-c. Trigger GC\n\n  3)\n    3-a. accept() the embryo sk-B\n    3-b. Pass sk-B to sk-C\n    3-c. close() the in-flight sk-A\n    3-d. Trigger GC\n\nAs of 2-c, sk-A and sk-X are linked to unix_unvisited_vertices,\nand unix_walk_scc() groups them into two different SCCs:\n\n  unix_sk(sk-A)->vertex->scc_index = 2 (UNIX_VERTEX_INDEX_START)\n  unix_sk(sk-X)->vertex->scc_index = 3\n\nOnce GC completes, unix_graph_grouped is set to true.\nAlso, unix_graph_maybe_cyclic is set to true due to sk-X's\ncyclic self-reference, which makes close() trigger GC.\n\nAt 3-b, unix_add_edge() allocates unix_sk(sk-B)->vertex and\nlinks it to unix_unvisited_vertices.\n\nunix_update_graph() is called at 3-a. and 3-b., but neither\nunix_graph_grouped nor unix_graph_maybe_cyclic is changed\nbecause both sk-B's listener and sk-C are not in-flight.\n\n3-c decrements sk-A's file refcnt to 1.\n\nSince unix_graph_grouped is true at 3-d, unix_walk_scc_fast()\nis finally called and iterates 3 sockets sk-A, sk-B, and sk-X:\n\n  sk-A -> sk-B (-> sk-C)\n  sk-X -> sk-X\n\nThis is totally fine.  All of them are not yet close()d and\nshould be grouped into different SCCs.\n\nHowever, unix_vertex_dead() misjudges that sk-A and sk-B are\nin the same SCC and sk-A is dead.\n\n  unix_sk(sk-A)->scc_index == unix_sk(sk-B)->scc_index \u003C-- Wrong!\n  &&\n  sk-A's file refcnt == unix_sk(sk-A)->vertex->out_degree\n                                       ^-- 1 in-flight count for sk-B\n  -> sk-A is dead !?\n\nThe problem is that unix_add_edge() does not initialise scc_index.\n\nStage 1) is used for heap spraying, making a newly allocated\nvertex have vertex->scc_index == 2 (UNIX_VERTEX_INDEX_START)\nset by unix_walk_scc() at 1-c.\n\nLet's track the max SCC index from the previous unix_walk_scc()\ncall and assign the max + 1 to a new vertex's scc_index.\n\nThis way, we can continue to avoid Tarjan's algorithm while\npreventing misjudgments.",null,[],[],[],[],[15,17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57],{"_key":16},"SUSE-SU-2026:20207-1",{"_key":18},"SUSE-SU-2026:20220-1",{"_key":20},"SUSE-SU-2026:20228-1",{"_key":22},"OPENSUSE-SU-2026:20145-1",{"_key":24},"SUSE-SU-2026:20828-1",{"_key":26},"SUSE-SU-2026:20829-1",{"_key":28},"SUSE-SU-2026:20831-1",{"_key":30},"SUSE-SU-2026:20832-1",{"_key":32},"SUSE-SU-2026:20837-1",{"_key":34},"SUSE-SU-2026:20840-1",{"_key":36},"SUSE-SU-2026:20841-1",{"_key":38},"SUSE-SU-2026:20842-1",{"_key":40},"SUSE-SU-2026:20944-1",{"_key":42},"SUSE-SU-2026:20945-1",{"_key":44},"SUSE-SU-2026:20946-1",{"_key":46},"SUSE-SU-2026:20947-1",{"_key":48},"MGASA-2026-0017",{"_key":50},"MGASA-2026-0018",{"_key":52},"LSN-0118-1",{"_key":54},"USN-8014-1",{"_key":56},"DEBIAN-CVE-2025-40214",{"_key":58},"UBUNTU-CVE-2025-40214",[],[61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78],{"_key":16},{"_key":18},{"_key":20},{"_key":22},{"_key":24},{"_key":26},{"_key":28},{"_key":30},{"_key":32},{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},{"_key":46},{"_key":48},{"_key":50},"2025-12-04T12:38:31.601Z","2026-06-02T12:59:56.598Z","Deferred",{"cisa_kev":83,"cisa_ransomware":83,"cisa_vendor":9,"epss_severity":84,"epss_score":85,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":81},false,"low",0.00058,[87,93,97,101,105,109],{"url":88,"sources":89,"tags":92},"https://git.kernel.org/stable/c/20003fbb9174121b27bd1da6ebe61542ac4c327d",[90,91],"cve.org","nvd",[],{"url":94,"sources":95,"tags":96},"https://git.kernel.org/stable/c/4cd8d755c7d4f515dd9abf483316aca2f1b7b0f3",[90,91],[],{"url":98,"sources":99,"tags":100},"https://git.kernel.org/stable/c/db81ad20fd8aef7cc7d536c52ee5ea4c1f979128",[90,91],[],{"url":102,"sources":103,"tags":104},"https://git.kernel.org/stable/c/1aa7e40ee850c9053e769957ce6541173891204d",[90,91],[],{"url":106,"sources":107,"tags":108},"https://git.kernel.org/stable/c/60e6489f8e3b086bd1130ad4450a2c112e863791",[90,91],[],{"url":110,"sources":111,"tags":112},"https://cert-portal.siemens.com/productcert/html/ssa-253495.html",[90,91],[],[],{"date":115,"score":85,"percentile":116},"2026-06-03",0.18383,[118,122,125,128,131,134,138,141,144,147,150,153,156,159,162,165,168,171,174,177,180,183,186,189,191,194,197,200,203,206,209,212,216,219,222,225,228,231,234,237,240,243,246,249,252,256,259,262,265,268,271,274,277,280,283,287,290,293,296,299,302,305,308,311,314,317,320,323,327,330,333,336,339,342,345,348,351,354,357,360,363,366,369,372,375,378,381,384,387,390],{"date":119,"score":120,"percentile":121},"2025-12-05",0.00018,0.03583,{"date":123,"score":120,"percentile":124},"2025-12-06",0.03597,{"date":126,"score":120,"percentile":127},"2025-12-07",0.0377,{"date":129,"score":120,"percentile":130},"2025-12-08",0.03778,{"date":132,"score":120,"percentile":133},"2025-12-09",0.0382,{"date":135,"score":136,"percentile":137},"2025-12-10",0.00024,0.05553,{"date":139,"score":136,"percentile":140},"2025-12-11",0.05558,{"date":142,"score":136,"percentile":143},"2025-12-12",0.05587,{"date":145,"score":136,"percentile":146},"2025-12-13",0.05629,{"date":148,"score":136,"percentile":149},"2025-12-14",0.05609,{"date":151,"score":136,"percentile":152},"2025-12-15",0.05596,{"date":154,"score":136,"percentile":155},"2025-12-16",0.0561,{"date":157,"score":136,"percentile":158},"2025-12-17",0.05674,{"date":160,"score":136,"percentile":161},"2025-12-18",0.05711,{"date":163,"score":136,"percentile":164},"2025-12-19",0.05703,{"date":166,"score":136,"percentile":167},"2025-12-20",0.05699,{"date":169,"score":136,"percentile":170},"2025-12-21",0.05687,{"date":172,"score":136,"percentile":173},"2025-12-22",0.05645,{"date":175,"score":136,"percentile":176},"2025-12-23",0.05657,{"date":178,"score":136,"percentile":179},"2025-12-24",0.0569,{"date":181,"score":136,"percentile":182},"2025-12-25",0.05725,{"date":184,"score":136,"percentile":185},"2025-12-26",0.0572,{"date":187,"score":136,"percentile":188},"2025-12-27",0.05717,{"date":190,"score":136,"percentile":161},"2025-12-28",{"date":192,"score":136,"percentile":193},"2025-12-29",0.05698,{"date":195,"score":136,"percentile":196},"2025-12-30",0.05696,{"date":198,"score":136,"percentile":199},"2025-12-31",0.05731,{"date":201,"score":136,"percentile":202},"2026-01-01",0.05802,{"date":204,"score":136,"percentile":205},"2026-01-02",0.058,{"date":207,"score":136,"percentile":208},"2026-01-03",0.05762,{"date":210,"score":136,"percentile":211},"2026-01-04",0.05667,{"date":213,"score":214,"percentile":215},"2026-01-05",0.00026,0.0636,{"date":217,"score":214,"percentile":218},"2026-01-06",0.06369,{"date":220,"score":214,"percentile":221},"2026-01-07",0.06393,{"date":223,"score":214,"percentile":224},"2026-01-08",0.06451,{"date":226,"score":214,"percentile":227},"2026-01-09",0.06457,{"date":229,"score":214,"percentile":230},"2026-01-10",0.06489,{"date":232,"score":214,"percentile":233},"2026-01-11",0.06482,{"date":235,"score":214,"percentile":236},"2026-01-12",0.06452,{"date":238,"score":214,"percentile":239},"2026-01-13",0.06436,{"date":241,"score":214,"percentile":242},"2026-01-14",0.06488,{"date":244,"score":214,"percentile":245},"2026-01-15",0.06494,{"date":247,"score":214,"percentile":248},"2026-01-16",0.06513,{"date":250,"score":214,"percentile":251},"2026-01-17",0.06519,{"date":253,"score":254,"percentile":255},"2026-01-18",0.00045,0.13693,{"date":257,"score":254,"percentile":258},"2026-01-19",0.13631,{"date":260,"score":254,"percentile":261},"2026-01-20",0.13611,{"date":263,"score":254,"percentile":264},"2026-01-21",0.13597,{"date":266,"score":254,"percentile":267},"2026-01-22",0.13559,{"date":269,"score":254,"percentile":270},"2026-01-23",0.1364,{"date":272,"score":254,"percentile":273},"2026-01-24",0.13684,{"date":275,"score":254,"percentile":276},"2026-01-25",0.13627,{"date":278,"score":254,"percentile":279},"2026-01-26",0.1356,{"date":281,"score":254,"percentile":282},"2026-01-27",0.13556,{"date":284,"score":285,"percentile":286},"2026-01-28",0.00037,0.10845,{"date":288,"score":285,"percentile":289},"2026-01-29",0.10831,{"date":291,"score":285,"percentile":292},"2026-01-30",0.10852,{"date":294,"score":285,"percentile":295},"2026-01-31",0.10867,{"date":297,"score":285,"percentile":298},"2026-02-01",0.10873,{"date":300,"score":285,"percentile":301},"2026-02-02",0.10825,{"date":303,"score":285,"percentile":304},"2026-02-03",0.10795,{"date":306,"score":285,"percentile":307},"2026-02-04",0.10789,{"date":309,"score":285,"percentile":310},"2026-02-05",0.10848,{"date":312,"score":285,"percentile":313},"2026-02-06",0.10871,{"date":315,"score":285,"percentile":316},"2026-02-07",0.10899,{"date":318,"score":285,"percentile":319},"2026-02-08",0.10889,{"date":321,"score":285,"percentile":322},"2026-02-09",0.10857,{"date":324,"score":325,"percentile":326},"2026-02-10",0.00039,0.11437,{"date":328,"score":325,"percentile":329},"2026-02-11",0.1149,{"date":331,"score":325,"percentile":332},"2026-02-12",0.11513,{"date":334,"score":325,"percentile":335},"2026-02-13",0.11515,{"date":337,"score":325,"percentile":338},"2026-02-14",0.11504,{"date":340,"score":325,"percentile":341},"2026-02-15",0.11495,{"date":343,"score":325,"percentile":344},"2026-02-16",0.11441,{"date":346,"score":325,"percentile":347},"2026-02-17",0.11422,{"date":349,"score":325,"percentile":350},"2026-02-18",0.11696,{"date":352,"score":325,"percentile":353},"2026-02-19",0.11768,{"date":355,"score":325,"percentile":356},"2026-02-20",0.11757,{"date":358,"score":325,"percentile":359},"2026-02-21",0.11787,{"date":361,"score":325,"percentile":362},"2026-02-22",0.11785,{"date":364,"score":325,"percentile":365},"2026-02-23",0.11743,{"date":367,"score":325,"percentile":368},"2026-02-24",0.11667,{"date":370,"score":325,"percentile":371},"2026-02-25",0.11609,{"date":373,"score":325,"percentile":374},"2026-02-26",0.11567,{"date":376,"score":325,"percentile":377},"2026-02-27",0.11577,{"date":379,"score":325,"percentile":380},"2026-02-28",0.11572,{"date":382,"score":325,"percentile":383},"2026-03-01",0.11586,{"date":385,"score":325,"percentile":386},"2026-03-02",0.11521,{"date":388,"score":325,"percentile":389},"2026-03-03",0.11509,{"date":391,"score":325,"percentile":392},"2026-03-04",0.11471,[],[395],{"ecosystem":9,"name":396,"vendor":397,"product":397,"cpe_part":398,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":399},"Linux","linux","a",[400,407,411,415,418,421,425,429],{"version":401,"is_range":402,"range_type":90,"version_start":403,"version_start_type":404,"version_end":405,"version_end_type":406,"fixed_in":9},">= adfb68b39b39767d6bfb53e48c4f19c183765686, \u003C 20003fbb9174121b27bd1da6ebe61542ac4c327d",true,"adfb68b39b39767d6bfb53e48c4f19c183765686","including","20003fbb9174121b27bd1da6ebe61542ac4c327d","excluding",{"version":408,"is_range":402,"range_type":90,"version_start":409,"version_start_type":404,"version_end":410,"version_end_type":406,"fixed_in":9},">= d23802221f6755e104606864067c71af8cdb6788, \u003C 4cd8d755c7d4f515dd9abf483316aca2f1b7b0f3","d23802221f6755e104606864067c71af8cdb6788","4cd8d755c7d4f515dd9abf483316aca2f1b7b0f3",{"version":412,"is_range":402,"range_type":90,"version_start":413,"version_start_type":404,"version_end":414,"version_end_type":406,"fixed_in":9},">= ad081928a8b0f57f269df999a28087fce6f2b6ce, \u003C db81ad20fd8aef7cc7d536c52ee5ea4c1f979128","ad081928a8b0f57f269df999a28087fce6f2b6ce","db81ad20fd8aef7cc7d536c52ee5ea4c1f979128",{"version":416,"is_range":402,"range_type":90,"version_start":413,"version_start_type":404,"version_end":417,"version_end_type":406,"fixed_in":9},">= ad081928a8b0f57f269df999a28087fce6f2b6ce, \u003C 1aa7e40ee850c9053e769957ce6541173891204d","1aa7e40ee850c9053e769957ce6541173891204d",{"version":419,"is_range":402,"range_type":90,"version_start":413,"version_start_type":404,"version_end":420,"version_end_type":406,"fixed_in":9},">= ad081928a8b0f57f269df999a28087fce6f2b6ce, \u003C 60e6489f8e3b086bd1130ad4450a2c112e863791","60e6489f8e3b086bd1130ad4450a2c112e863791",{"version":422,"is_range":402,"range_type":90,"version_start":423,"version_start_type":404,"version_end":424,"version_end_type":406,"fixed_in":9},">= 6.1.141, \u003C 6.1.159","6.1.141","6.1.159",{"version":426,"is_range":402,"range_type":90,"version_start":427,"version_start_type":404,"version_end":428,"version_end_type":406,"fixed_in":9},">= 6.6.93, \u003C 6.6.117","6.6.93","6.6.117",{"version":430,"is_range":83,"range_type":90,"version_start":430,"version_start_type":404,"version_end":430,"version_end_type":404,"fixed_in":9},"6.10"]