CVE-2025-40007

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a reference leak in the netfs subsystem. A commit (20d72b00ca81) initially aimed to fix a related issue, but introduced a scenario where a reference to a netfs io request could be leaked if the request was released before the I/O operation was submitted. This leak occurred in error code paths, where the reference counter was decremented only once, and the work item was never queued, leading to a perpetually positive netfs inode.io count. This issue caused outages in a server cluster due to deadlocks in Ceph, triggered by a failure in fscache begin write operation(). The code is described as fragile, with complex reference counting making it difficult to determine which code paths would lead to completion. The fix involves adding the function netfs put failed request() to synchronously free failed requests, assuming a reference count of exactly two, and adding a netfs put request() call to netfs unbuffered read().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.