CVE-2025-40125
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-40125
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40125.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-40125
- Downstream
- Published
- 2025-11-12T10:23:20.180Z
- Modified
- 2025-11-28T02:34:47.854463Z
- Summary
- blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
blk-mq: check kobject stateinsysfs before deleting in blkmqunregister_hctx
In _blkmqupdatenrhwqueues() the return value of blkmqsysfsregisterhctxs() is not checked. If sysfs creation for hctx fails, later changing the number of hw_queues or removing disk will trigger the following warning:
kernfs: can not remove 'nrtags', no directory WARNING: CPU: 2 PID: 637 at fs/kernfs/dir.c:1707 kernfsremovebynamens+0x13f/0x160 Call Trace: removefiles.isra.1+0x38/0xb0 sysfsremovegroup+0x4d/0x100 sysfsremovegroups+0x31/0x60 _kobjectdel+0x23/0xf0 kobjectdel+0x17/0x40 blkmqunregisterhctx+0x5d/0x80 blkmqsysfsunregisterhctxs+0x94/0xd0 blkmqupdatenrhwqueues+0x124/0x760 nullbupdatenrhwqueues+0x71/0xf0 [nullblk] nullbdevicesubmitqueuesstore+0x92/0x120 [null_blk]
kobjct_del() was called unconditionally even if sysfs creation failed. Fix it by checkig the kobject creation statusbefore deleting it.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40125.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/06c4826b1d900611096e4621e93133db57e13911
- https://git.kernel.org/stable/c/4b97e99b87a773d52699521d40864f3ec888e9a6
- https://git.kernel.org/stable/c/4c7ef92f6d4d08a27d676e4c348f4e2922cab3ed
- https://git.kernel.org/stable/c/6e7dadc5763c48eb3b9b91265a21f312599ebb2c
- https://git.kernel.org/stable/c/a8c53553f1833cc2d14175d2d72cf37193a01898
- https://git.kernel.org/stable/c/babc634e9fe2803962dba98a07587e835dbc0731
- https://git.kernel.org/stable/c/cc14ea21c4e658814d737ed4dedde6cd626a15ad
- https://git.kernel.org/stable/c/d5ddd76ee52bdc16e9f8b1e7791291e785dab032
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40125.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-40125
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced477e19dedc9d3e1f4443a1d4ae00572a988120eaFixeda8c53553f1833cc2d14175d2d72cf37193a01898Fixedcc14ea21c4e658814d737ed4dedde6cd626a15adFixed4b97e99b87a773d52699521d40864f3ec888e9a6Fixed6e7dadc5763c48eb3b9b91265a21f312599ebb2cFixed06c4826b1d900611096e4621e93133db57e13911Fixedbabc634e9fe2803962dba98a07587e835dbc0731Fixedd5ddd76ee52bdc16e9f8b1e7791291e785dab032Fixed4c7ef92f6d4d08a27d676e4c348f4e2922cab3ed
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.301
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.246
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.195
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.156
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.112
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.53
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.17.3