Deep Dive: The Rewritten AF_UNIX Garbage Collector and CVE-2025-40214
By @AcherirMoe
Summary
A detailed technical walkthrough of the rewritten AF_UNIX garbage collector in the Linux kernel. The article explains how the GC handles unreachable sockets sent via SCM_RIGHTS, describes the new graph/Strongly-Connected-Components model, and analyzes a Use-After-Free bug (CVE-2025-40214) caused by an uninitialized scc_index field. Includes two reproducers for the bug.
Key quotes
The AF_UNIX garbage collector is an interesting piece of the kernel.
It exists because sockets can be sent with SCM_RIGHTS but they can become unreachable from user-space while still being kept alive by the kernel, which is not memory efficient.
Not long ago, the subsystem was rewritten from scratch on top of a graph/Strongly-Connected-Components model; but it is still bug prone.
This post walks the rewrite end-to-end, and discusses a Use-After-Free bug.
