PT-2025-49034 · Linux+3 · Linux Kernel+3

Published

2025-09-15

·

Updated

2026-05-07

·

CVE-2025-40220

CVSS v2.0

3.8

Low

VectorAV:L/AC:H/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a flaw related to a livelock in synchronous file put operations from fuseblk workers. This issue can lead to a hang when running tests that involve opening a file, initiating numerous asynchronous input/output (AIO) writes, and closing the file descriptor before the writes are completed. The root cause is that the fuseblk server sends the FUSE RELEASE command synchronously, which can cause all fuse server threads to become blocked in delayed file put operations, preventing them from handling queued fuse commands. The issue occurs when AIO completion functions put the struct file, queuing a delayed fput to the fuse server task.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

CWE-833

Related Identifiers

AZL-71290
BDU:2026-02789
CVE-2025-40220
DLA-4404-1
OESA-2026-1759
OESA-2026-1760
OESA-2026-1761
OPENSUSE-SU-2026:20145-1
SUSE-SU-2026:0263-1
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:0317-1
SUSE-SU-2026:0350-1
SUSE-SU-2026:0369-1
SUSE-SU-2026:0411-1
SUSE-SU-2026:0617-1
SUSE-SU-2026:1078-1
SUSE-SU-2026:20207-1
SUSE-SU-2026:20220-1
SUSE-SU-2026:20228-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8033-1
USN-8033-2
USN-8033-3
USN-8033-4
USN-8033-5
USN-8033-6
USN-8033-7
USN-8033-8
USN-8034-1
USN-8034-2
USN-8048-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu