CVE-2025-40343
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoid scheduling association deletion twice When forcefully shutting down a port via the configfs interface, nvmet_port_subsys_drop_link() first calls nvmet_port_del_ctrls() and then nvmet_disable_port(). Both functions will eventually schedule all remaining associations for deletion. The current implementation checks whether an association is about to be removed, but only after the work item has already been scheduled. As a result, it is possible for the first scheduled work item to free all resources, and then for the same work item to be scheduled again for deletion. Because the association list is an RCU list, it is not possible to take a lock and remove the list entry directly, so it cannot be looked up again. Instead, a flag (terminating) must be used to determine whether the association is already in the process of being deleted.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-05-07
AI Q&A
2025-12-09
EPSS Evaluated
2026-05-05
NVD
CVE-2025-40343
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's nvmet-fc component, where during a forced shutdown of a port via the configfs interface, the system may schedule the deletion of the same association twice. Specifically, two functions, nvmet_port_del_ctrls() and nvmet_disable_port(), both schedule deletion of remaining associations. The implementation only checks if an association is about to be removed after scheduling the work item, which can lead to the same deletion task being scheduled twice. Since the association list uses an RCU list, it cannot be locked or directly removed, so a flag is used to track if an association is already being deleted to prevent double deletion.


How can this vulnerability impact me? :

This vulnerability can lead to double scheduling of deletion tasks for the same association, which may cause resource management issues such as attempting to free already freed resources. This could potentially lead to system instability or crashes during forced port shutdowns in the nvmet-fc subsystem of the Linux kernel.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart