PT-2025-42706 · Linux+4 · Linux Kernel+4

Published 2025-09-29 · Updated 2026-05-07 · CVE-2025-40001

CVSS v2.0: 4.3 (Medium)
Vector: AV:L/AC:L/Au:M/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the Marvell SAS/SATA controller within the Linux kernel where a use-after-free condition can occur during device detachment. Specifically, the cancel_delayed_work() function may fail to cancel a delayed work item if it is already running, leading to attempts to access freed memory within the mvs_work_queue() function after it has been deallocated by mvs_free(). This issue arises from a race condition during the removal of the controller. The original code called cancel_delayed_work(), but replacing it with cancel_delayed_work_sync() ensures proper cancellation and completion of the work item before memory deallocation. The issue was identified through static analysis.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
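
The race from the description, modeled in userspace as an added example (not code from the kernel or from this advisory): a pthread stands in for the delayed work item, and model_dev, model_work_fn, model_cancel, model_cancel_sync and handler_live_at_free are hypothetical names. It shows that a non-waiting cancel leaves the handler executing at the point where the device state would be freed, while the waiting variant does not.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

/* Constructed userspace model: a pthread stands in for the delayed work item. */
struct model_dev {
    pthread_t worker;
    atomic_bool running;            /* true while the handler executes */
};

/* Stand-in for the work handler (mvs_work_queue() on the page): uses dev for a while. */
static void *model_work_fn(void *arg)
{
    struct model_dev *dev = arg;
    struct timespec busy = { 0, 100 * 1000000L };   /* 100 ms of "work" */
    atomic_store(&dev->running, true);
    nanosleep(&busy, NULL);
    atomic_store(&dev->running, false);
    return NULL;
}

/* Like cancel_delayed_work(): only dequeues pending work; false if it is already running. */
static bool model_cancel(struct model_dev *dev) { return !atomic_load(&dev->running); }
/* Like cancel_delayed_work_sync(): additionally waits for a running handler to return. */
static void model_cancel_sync(struct model_dev *dev) { pthread_join(dev->worker, NULL); }

/* True if the handler is still executing at the point where teardown would free dev. */
bool handler_live_at_free(bool use_sync)
{
    struct model_dev dev = { .running = false };
    pthread_create(&dev.worker, NULL, model_work_fn, &dev);
    while (!atomic_load(&dev.running)) { }   /* detach begins after the handler started */
    if (use_sync)
        model_cancel_sync(&dev);
    else
        (void)model_cancel(&dev);            /* returns false, teardown continues anyway */
    bool live = atomic_load(&dev.running);   /* mvs_free() would run here */
    if (!use_sync)
        pthread_join(dev.worker, NULL);      /* model cleanup only */
    return live;
}

int main(void)
{
    printf("cancel: %d, cancel_sync: %d\n", handler_live_at_free(false), handler_live_at_free(true));
    return 0;
}
```
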

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

AZL-68585
BDU:2026-02690
CVE-2025-40001
DLA-4379-1
DLA-4404-1
DSA-6053-1
ECHO-887C-9604-9D45
OPENSUSE-SU-2025:15671-1
OPENSUSE-SU-2025:20172-1
OPENSUSE-SU-2026:10301-1
SUSE-SU-2025:4393-1
SUSE-SU-2025:4422-1
SUSE-SU-2025:4505-1
SUSE-SU-2025:4515-1
SUSE-SU-2025:4516-1
SUSE-SU-2025:4517-1
SUSE-SU-2025:4521-1
SUSE-SU-2026:20012-1
SUSE-SU-2026:20015-1
SUSE-SU-2026:20021-1
SUSE-SU-2026:20039-1
SUSE-SU-2026:20059-1
SUSE-SU-2026:20473-1
SUSE-SU-2026:20496-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8033-1
USN-8033-2
USN-8033-3
USN-8033-4
USN-8033-5
USN-8033-6
USN-8033-7
USN-8033-8
USN-8034-1
USN-8034-2
USN-8048-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Marvell Sas/Sata Controller
Ubuntu