In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Fix data race in CPU latency PM QoS request handling
The cpu_latency_qos_add/remove/update_request interfaces lack internal synchronization by design, requiring the caller to ensure thread safety. The current implementation relies on the 'pm_qos_enabled' flag, which is insufficient to prevent concurrent access and cannot serve as a proper synchronization mechanism. This has led to data races and list corruption issues.
A typical race condition call trace is:

[Thread A]
ufshcd_pm_qos_exit()
  --> cpu_latency_qos_remove_request()
  --> cpu_latency_qos_apply();
  --> pm_qos_update_target()
  --> plist_del <--(1) delete plist node
  --> memset(req, 0, sizeof(*req));
  --> hba->pm_qos_enabled = false;

[Thread B]
ufshcd_devfreq_target
  --> ufshcd_devfreq_scale
  --> ufshcd_scale_clks
  --> ufshcd_pm_qos_update <--(2) pm_qos_enabled is true
  --> cpu_latency_qos_update_request
  --> pm_qos_update_target
  --> plist_del <--(3) plist node use-after-free
Introduces a dedicated mutex to serialize PM QoS operations, preventing data races and ensuring safe access to PM QoS resources, including sysfs interface reads.
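
The locking pattern described above, as a user-space model added here (it is not the kernel patch or the driver's code): a pthread mutex stands in for the dedicated mutex, so the flag check at (2) and the request access at (3) can no longer interleave with the removal at (1). The names struct hba_model, struct qos_req, the model_* functions and the field pm_qos_mutex are assumptions made for illustration.

```c
#include <pthread.h>
#include <stdbool.h>
#include <string.h>

/* Constructed stand-in for the PM QoS request and its plist node. */
struct qos_req { bool on_list; int value; };

struct hba_model {
    pthread_mutex_t pm_qos_mutex;   /* hypothetical name for the dedicated lock */
    bool pm_qos_enabled;            /* a state flag only, not a synchronization primitive */
    struct qos_req req;
    int stale_updates;              /* updates that touched an already removed request */
};

static void model_init(struct hba_model *h) {
    memset(h, 0, sizeof(*h));
    pthread_mutex_init(&h->pm_qos_mutex, NULL);
    pthread_mutex_lock(&h->pm_qos_mutex);
    h->req.on_list = true;          /* models adding the request */
    h->pm_qos_enabled = true;
    pthread_mutex_unlock(&h->pm_qos_mutex);
}

static void model_exit(struct hba_model *h) {
    pthread_mutex_lock(&h->pm_qos_mutex);
    if (h->pm_qos_enabled) {
        memset(&h->req, 0, sizeof(h->req));   /* (1) node removed, request zeroed */
        h->pm_qos_enabled = false;            /* flag flips inside the same critical section */
    }
    pthread_mutex_unlock(&h->pm_qos_mutex);
}

static bool model_update(struct hba_model *h, int value) {
    bool done = false;
    pthread_mutex_lock(&h->pm_qos_mutex);
    if (h->pm_qos_enabled) {                  /* (2) check and (3) use under one lock */
        if (!h->req.on_list)
            h->stale_updates++;               /* would be the use-after-free in the trace */
        h->req.value = value;
        done = true;
    }
    pthread_mutex_unlock(&h->pm_qos_mutex);
    return done;
}

static void *updater(void *arg) {
    for (int i = 0; i < 100000; i++)
        model_update(arg, i);
    return NULL;
}

/* Runs Thread B (updates) against Thread A (exit); returns stale accesses seen. */
int race_stale_updates(void) {
    struct hba_model h;
    pthread_t t;
    model_init(&h);
    pthread_create(&t, NULL, updater, &h);
    model_exit(&h);
    pthread_join(t, NULL);
    return h.stale_updates;
}
```
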
[
{
"digest": {
"length": 171.0,
"function_hash": "175104523301639755625309549972608122576"
},
"target": {
"file": "drivers/ufs/core/ufshcd.c",
"function": "ufshcd_pm_qos_update"
},
"signature_type": "Function",
"id": "CVE-2025-40130-0932eb6d",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@79dde5f7dc7c038eec903745dc1550cd4139980e",
"deprecated": false
},
{
"digest": {
"length": 171.0,
"function_hash": "279846887909687420548137791278364332366"
},
"target": {
"file": "drivers/ufs/core/ufs-sysfs.c",
"function": "pm_qos_enable_show"
},
"signature_type": "Function",
"id": "CVE-2025-40130-121e03bc",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@79dde5f7dc7c038eec903745dc1550cd4139980e",
"deprecated": false
},
{
"digest": {
"length": 211.0,
"function_hash": "161144536888502275746449307048056650651"
},
"target": {
"file": "drivers/ufs/core/ufshcd.c",
"function": "ufshcd_pm_qos_init"
},
"signature_type": "Function",
"id": "CVE-2025-40130-2074b87c",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d9df61afb8d23c475f1be3c714da2c34c156ab01",
"deprecated": false
},
{
"digest": {
"length": 171.0,
"function_hash": "175104523301639755625309549972608122576"
},
"target": {
"file": "drivers/ufs/core/ufshcd.c",
"function": "ufshcd_pm_qos_update"
},
"signature_type": "Function",
"id": "CVE-2025-40130-2242252e",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d9df61afb8d23c475f1be3c714da2c34c156ab01",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"192098476539720114552891112223904347607",
"39464154162545662642582839806593500486",
"32396721827582825358834359957633070224",
"49686596185821076680879895692364875869",
"162777582885613778132295479327273987598",
"144619484934537137281137029446456564921",
"39833186615708812020358605901401553804"
],
"threshold": 0.9
},
"target": {
"file": "include/ufs/ufshcd.h"
},
"signature_type": "Line",
"id": "CVE-2025-40130-2a3e0c59",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@79dde5f7dc7c038eec903745dc1550cd4139980e",
"deprecated": false
},
{
"digest": {
"length": 211.0,
"function_hash": "161144536888502275746449307048056650651"
},
"target": {
"file": "drivers/ufs/core/ufshcd.c",
"function": "ufshcd_pm_qos_init"
},
"signature_type": "Function",
"id": "CVE-2025-40130-3d7bbe62",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@79dde5f7dc7c038eec903745dc1550cd4139980e",
"deprecated": false
},
{
"digest": {
"length": 4022.0,
"function_hash": "114311854057269912564934481753913031782"
},
"target": {
"file": "drivers/ufs/core/ufshcd.c",
"function": "ufshcd_init"
},
"signature_type": "Function",
"id": "CVE-2025-40130-434637f7",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d9df61afb8d23c475f1be3c714da2c34c156ab01",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"302929706109372755151703482626999633196",
"55337381644691091866619464517651849337",
"279811551338568385767992851480458185775",
"39438868012533649806821985166537360310",
"89639222084605853538390133450255598184",
"305661740205696471135039306182749524907",
"254060561454085937940027414303029114354",
"149087910860524138510809495470005849480",
"289438689756824937441323668418148256120",
"89955751726838759070102452498182242653",
"143330200705882737275768648441382591923",
"15502976252320414854883864587146829976",
"226737593310273416537911021048930237440",
"280719877694931658990285153024584235593",
"75651718084633222850475964530729397177",
"317585771764467769938673279088143578562"
],
"threshold": 0.9
},
"target": {
"file": "drivers/ufs/core/ufshcd.c"
},
"signature_type": "Line",
"id": "CVE-2025-40130-5b8bfa2a",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d9df61afb8d23c475f1be3c714da2c34c156ab01",
"deprecated": false
},
{
"digest": {
"length": 171.0,
"function_hash": "279846887909687420548137791278364332366"
},
"target": {
"file": "drivers/ufs/core/ufs-sysfs.c",
"function": "pm_qos_enable_show"
},
"signature_type": "Function",
"id": "CVE-2025-40130-5fbf3858",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d9df61afb8d23c475f1be3c714da2c34c156ab01",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"74915221703453101308630630131619255367",
"133953688068555699350996684278810037697",
"24853035058032338735437615136550566149"
],
"threshold": 0.9
},
"target": {
"file": "drivers/ufs/core/ufs-sysfs.c"
},
"signature_type": "Line",
"id": "CVE-2025-40130-9afef3ee",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d9df61afb8d23c475f1be3c714da2c34c156ab01",
"deprecated": false
},
{
"digest": {
"length": 149.0,
"function_hash": "91929898439865835151382713659549014241"
},
"target": {
"file": "drivers/ufs/core/ufshcd.c",
"function": "ufshcd_pm_qos_exit"
},
"signature_type": "Function",
"id": "CVE-2025-40130-9b97c6ff",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@79dde5f7dc7c038eec903745dc1550cd4139980e",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"302929706109372755151703482626999633196",
"55337381644691091866619464517651849337",
"279811551338568385767992851480458185775",
"39438868012533649806821985166537360310",
"89639222084605853538390133450255598184",
"305661740205696471135039306182749524907",
"254060561454085937940027414303029114354",
"149087910860524138510809495470005849480",
"289438689756824937441323668418148256120",
"89955751726838759070102452498182242653",
"143330200705882737275768648441382591923",
"15502976252320414854883864587146829976",
"226737593310273416537911021048930237440",
"280719877694931658990285153024584235593",
"75651718084633222850475964530729397177",
"317585771764467769938673279088143578562"
],
"threshold": 0.9
},
"target": {
"file": "drivers/ufs/core/ufshcd.c"
},
"signature_type": "Line",
"id": "CVE-2025-40130-b2806d01",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@79dde5f7dc7c038eec903745dc1550cd4139980e",
"deprecated": false
},
{
"digest": {
"length": 4022.0,
"function_hash": "114311854057269912564934481753913031782"
},
"target": {
"file": "drivers/ufs/core/ufshcd.c",
"function": "ufshcd_init"
},
"signature_type": "Function",
"id": "CVE-2025-40130-be119ef3",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@79dde5f7dc7c038eec903745dc1550cd4139980e",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"192098476539720114552891112223904347607",
"39464154162545662642582839806593500486",
"32396721827582825358834359957633070224",
"49686596185821076680879895692364875869",
"162777582885613778132295479327273987598",
"144619484934537137281137029446456564921",
"39833186615708812020358605901401553804"
],
"threshold": 0.9
},
"target": {
"file": "include/ufs/ufshcd.h"
},
"signature_type": "Line",
"id": "CVE-2025-40130-d3b0c389",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d9df61afb8d23c475f1be3c714da2c34c156ab01",
"deprecated": false
},
{
"digest": {
"length": 149.0,
"function_hash": "91929898439865835151382713659549014241"
},
"target": {
"file": "drivers/ufs/core/ufshcd.c",
"function": "ufshcd_pm_qos_exit"
},
"signature_type": "Function",
"id": "CVE-2025-40130-d6ef4aff",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d9df61afb8d23c475f1be3c714da2c34c156ab01",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"74915221703453101308630630131619255367",
"133953688068555699350996684278810037697",
"24853035058032338735437615136550566149"
],
"threshold": 0.9
},
"target": {
"file": "drivers/ufs/core/ufs-sysfs.c"
},
"signature_type": "Line",
"id": "CVE-2025-40130-f9ccb32c",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@79dde5f7dc7c038eec903745dc1550cd4139980e",
"deprecated": false
}
]