CVE-2025-40305
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-08

Last updated on: 2025-12-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: 9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN p9_read_work() doesn't set Rworksched and doesn't do schedule_work(m->rq) if list_empty(&m->req_list). However, if the pipe is full, we need to read more data and this used to work prior to commit aaec5a95d59615 ("pipe_read: don't wake up the writer if the pipe is still full"). p9_read_work() does p9_fd_read() -> ... -> anon_pipe_read() which (before the commit above) triggered the unnecessary wakeup. This wakeup calls p9_pollwake() which kicks p9_poll_workfn() -> p9_poll_mux(), p9_poll_mux() will notice EPOLLIN and schedule_work(&m->rq). This no longer happens after the optimization above, change p9_fd_request() to use p9_poll_mux() instead of only checking for EPOLLOUT.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-08
Last Modified
2025-12-08
Generated
2026-06-16
AI Q&A
2025-12-08
EPSS Evaluated
2026-06-14
NVD
CVE-2025-40305
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Linux kernel's 9p file system code, specifically in the handling of pipe read operations. A recent optimization changed how the system wakes up threads waiting to read data from pipes. Previously, when the pipe was full, the system would wake up the reader thread to process more data. After the optimization, this wakeup no longer occurs as expected, causing the read work function not to schedule further work when needed. The fix changes the request function to use a different polling mechanism (p9_poll_mux) to detect when data is available (EPOLLIN) and properly schedule the read work thread, restoring the intended behavior.

Impact Analysis

This vulnerability can cause the Linux kernel's 9p file system to fail to properly process incoming data when pipes are full, potentially leading to stalled or delayed data reads. This could impact system performance or functionality relying on 9p file system communication, possibly causing applications to hang or behave unexpectedly due to missed wakeups for reading data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40305. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart