CVE-2025-40259

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-40259

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40259.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-40259

Downstream

BELL-CVE-2025-40259

DEBIAN-CVE-2025-40259

DLA-4404-1

DLA-4436-1

ECHO-2289-8a59-96ae

OESA-2026-1275

OESA-2026-1303

OESA-2026-1304

OESA-2026-1305

ROOT-OS-DEBIAN-11-CVE-2025-40259

ROOT-OS-DEBIAN-12-CVE-2025-40259

ROOT-OS-DEBIAN-13-CVE-2025-40259

ROOT-OS-UBUNTU-2204-CVE-2025-40259

ROOT-OS-UBUNTU-2404-CVE-2025-40259

SUSE-SU-2026:0447-1

SUSE-SU-2026:0471-1

SUSE-SU-2026:0472-1

SUSE-SU-2026:0473-1

SUSE-SU-2026:0587-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20555-1

SUSE-SU-2026:20599-1

SUSE-SU-2026:20615-1

UBUNTU-CVE-2025-40259

USN-8094-1

USN-8094-2

USN-8095-1

USN-8095-2

USN-8095-3

USN-8096-1

USN-8096-2

USN-8096-3

USN-8096-4

USN-8100-1

openSUSE-SU-2026:20287-1

Related

Published

2025-12-04T16:08:19.904Z

Modified

2026-03-20T12:43:14.450212Z

Summary

scsi: sg: Do not sleep in atomic context

Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: sg: Do not sleep in atomic context

sgfinishremreq() calls blkrqunmapuser(). The latter function may sleep. Hence, call sgfinishrem_req() with interrupts enabled instead of disabled.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40259.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

97d27b0dd015e980ade63fda111fd1353276e28b

Fixed

11eeee00c94d770d4e45364060b5f1526dfe567b

Fixed

db6ac8703ab2b473e1ec845f57f6dd961a388d9f

Fixed

109afbd88ecc46b6cc7551367222387e97999765

Fixed

3dfd520c3b4ffe69e0630c580717d40447ab842f

Fixed

b343cee5df7e750d9033fba33e96fc4399fa88a5

Fixed

b2c0340cfa25c5c1f65e8590cc1a2dc97d14ef0f

Fixed

6983d8375c040bb449d2187f4a57a20de01244fe

Fixed

90449f2d1e1f020835cba5417234636937dd657e

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

8d1f3b474a89b42f957ba3bae959dd3cd16531ca

Last affected

fa55ef3f803fc7c20be0ab809e6278c31febd875

Last affected

6af37613289cfd32516ada47e444b48a638829c8

Last affected

4a8e8e0af9a520a685e0ab2d489327d5220d7ce2

Last affected

ae9b6ae2e77947534e255903627cc62746ea77e2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40259.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.12.0

Fixed

5.4.302

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.247

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.197

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.159

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.118

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.60

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.17.10

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40259.json"