PT-2025-46622 · Linux+3 · Linux Kernel+3

Published: 2025-09-05 · Updated: 2026-03-13 · CVE-2025-40147

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contained a flaw in the block I/O throttling mechanism. Specifically, a race condition existed during throttle policy activation, potentially leading to a NULL pointer dereference in blk_should_throtl(). This could occur during early initialization when throttling was consulted before the throttle policy was fully enabled for the queue. The issue stemmed from insufficient checks during initialization, allowing access to throttle group state before policy data was attached. The function submit_bio_noacct was involved in the crash.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2025-16143
CVE-2025-40147
OPENSUSE-SU-2026:20287-1
SUSE-SU-2026:20555-1
SUSE-SU-2026:20599-1
SUSE-SU-2026:20615-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8048-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu