PT-2025-46600 · Linux+3 · Linux Kernel+3
Published 2025-08-26 · Updated 2026-05-07
CVE-2025-40125
CVSS v2.0: 4.0 (Medium)
| Vector | AV:A/AC:H/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A flaw exists in the Linux kernel related to the handling of hardware queue contexts within the block I/O management framework (blk-mq). Specifically, the code does not verify the success of sysfs creation for hardware contexts (hctx) before attempting to delete them. If sysfs registration fails, subsequent operations, such as changing the number of hardware queues or removing a disk, can trigger a kernel warning and potentially lead to instability. The issue occurs because the kobject_del() function is called unconditionally, even if the sysfs creation failed. The vulnerable code is located in blk_mq_update_nr_hw_queues(), where the return value of blk_mq_sysfs_register_hctxs() is not checked. This can lead to errors when attempting to remove the 'nr_tags' directory.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
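The unchecked-return pattern from the description, as a user-space model added here for illustration; it is not kernel code or the upstream patch. All `toy_*` names, `run_flow()` and the queue size are hypothetical, and the guard shown is one possible way to track registration state, assumed rather than taken from the actual fix.

```c
#include <stdbool.h>
#include <stdio.h>
#define NR_HCTX 4  /* constructed sample size */
/* Toy stand-ins (hypothetical names), not kernel structures. */
struct toy_hctx  { bool in_sysfs; };
struct toy_queue { struct toy_hctx hctx[NR_HCTX]; bool registered; };
static int warn_count;  /* models the kernel warning raised by a bad delete */

static void toy_del(struct toy_hctx *h)
{
    if (!h->in_sysfs) { warn_count++; return; }  /* deleting a never-added entry */
    h->in_sysfs = false;
}

/* Registers every hctx; fail_at >= 0 injects an error there, rolls back, returns -1. */
static int toy_register_hctxs(struct toy_queue *q, int fail_at)
{
    for (int i = 0; i < NR_HCTX; i++) {
        if (i == fail_at) {
            while (--i >= 0) toy_del(&q->hctx[i]);
            return -1;
        }
        q->hctx[i].in_sysfs = true;
    }
    return 0;
}

/* Teardown; when guarded, a queue whose registration failed is skipped. */
static void toy_unregister_hctxs(struct toy_queue *q, bool guarded)
{
    if (guarded && !q->registered) return;
    for (int i = 0; i < NR_HCTX; i++) toy_del(&q->hctx[i]);
    q->registered = false;
}

/* Register then tear down; returns how many warnings the sequence raised. */
int run_flow(int fail_at, bool check_return)
{
    struct toy_queue q = {0};
    warn_count = 0;
    /* Unchecked flow ignores the result and assumes registration succeeded. */
    q.registered = (toy_register_hctxs(&q, fail_at) == 0) || !check_return;
    toy_unregister_hctxs(&q, check_return);
    return warn_count;
}

int main(void)
{
    printf("unchecked=%d checked=%d\n", run_flow(2, false), run_flow(2, true));
    return 0;
}
```

With a failure injected at index 2, the unchecked flow raises one warning per hardware context during teardown, while the checked flow raises none.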
Exploit
Unchecked Return Value
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Linuxmint
Linux Kernel
Ubuntu