PT-2025-46590 · Linux+3 · Linux Kernel+3

Published

2025-09-22

Updated

2026-05-07

CVE-2025-40115

CVSS v2.0

4.4

Medium

Vector

AV:L/AC:M/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.16.0-rc1+ #1

Description The Linux kernel contained a flaw in the mpt3sas driver where a crash could occur during the removal of a transport port. This was due to logging messages with dev printk() against a SAS transport device that was already partially unregistered or freed. The issue was resolved by using ioc info(), which logs via the PCI device, ensuring it remains valid until driver removal.

Recommendations Update to a version of the Linux kernel newer than 6.16.0-rc1+ #1.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2026-02784

CVE-2025-40115

DLA-4379-1

DLA-4404-1

OESA-2026-1073

OESA-2026-1077

OESA-2026-1078

OPENSUSE-SU-2025:20172-1

SUSE-SU-2025:4393-1

SUSE-SU-2025:4422-1

SUSE-SU-2025:4505-1

SUSE-SU-2025:4516-1

SUSE-SU-2025:4517-1

SUSE-SU-2025:4521-1

SUSE-SU-2026:0473-1

SUSE-SU-2026:20012-1

SUSE-SU-2026:20015-1

SUSE-SU-2026:20021-1

SUSE-SU-2026:20039-1

SUSE-SU-2026:20059-1

SUSE-SU-2026:20473-1

SUSE-SU-2026:20496-1

USN-8029-1

USN-8029-2

USN-8029-3

USN-8030-1

USN-8033-1

USN-8033-2

USN-8033-3

USN-8033-4

USN-8033-5

USN-8033-6

USN-8033-7

USN-8033-8

USN-8034-1

USN-8034-2

USN-8048-1

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8141-1

USN-8163-1

USN-8163-2

USN-8165-1

USN-8243-1

USN-8261-1

Affected Products

Debian

Linuxmint

Linux Kernel

Ubuntu

PT-2025-46590 · Linux+3 · Linux Kernel+3

CVE-2025-40115

Weakness Enumeration

Related Identifiers

Affected Products

References · 2291