CVE-2025-40319

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> bpf: Sync pending IRQ work before freeing ring buffer<br /> <br /> Fix a race where irq_work can be queued in bpf_ringbuf_commit()<br /> but the ring buffer is freed before the work executes.<br /> In the syzbot reproducer, a BPF program attached to sched_switch<br /> triggers bpf_ringbuf_commit(), queuing an irq_work. If the ring buffer<br /> is freed before this work executes, the irq_work thread may accesses<br /> freed memory.<br /> Calling `irq_work_sync(&amp;rb-&gt;work)` ensures that all pending irq_work<br /> complete before freeing the buffer.