CVE-2025-40061

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists in the RDMA/rxe task state management within the Linux kernel. Specifically, the issue occurs in the do task() function when draining tasks. When do task() exhausts its iteration budget, it sets the task state to TASK STATE IDLE for rescheduling without verifying the current task state. This can overwrite the TASK STATE DRAINING state set by concurrent calls to rxe cleanup task() or rxe disable task(). The race condition arises because the cleanup logic releases the spinlock while waiting for the task to finish draining, allowing do task() to acquire the lock and potentially proceed with cleanup while the task incorrectly reschedules itself, leading to a potential use-after-free condition. This issue was introduced during the migration from tasklets to workqueues, where special handling for the draining case was lost.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.