PT-2025-49091 · Linux+3 · Linux Kernel+3

Published: 2025-11-10 · Updated: 2026-05-22 · CVE-2025-40261

CVSS v2.0: 5.7 (Medium)

Vector: AV:L/AC:L/Au:S/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.12.0

Description

The Linux kernel contains a flaw within the nvme-fc subsystem. Specifically, the issue arises from improper handling of work queues during the deletion of an NVMe-FC controller association. The nvme_fc_delete_association() function waits for pending I/O operations to complete before returning. However, an error condition can cause the ioerr_work to be queued after cancel_work_sync() has already been called. This can lead to a kernel bug, potentially resulting in a list deletion corruption and ultimately an invalid opcode error.

Recommendations

Versions prior to 6.12.0 should be updated to version 6.12.0 or later.

Weakness Enumeration

Multiple Releases of Same Resource or Handle

Related Identifiers

AZL-71366
BDU:2025-15942
CVE-2025-40261
DLA-4404-1
ECHO-ECC9-1238-A1BC
MGASA-2026-0017
MGASA-2026-0018
OESA-2026-1303
OESA-2026-1304
OESA-2026-1305
OESA-2026-2416
OPENSUSE-SU-2026:20287-1
SUSE-SU-2026:0447-1
SUSE-SU-2026:0472-1
SUSE-SU-2026:0473-1
SUSE-SU-2026:0587-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20555-1
SUSE-SU-2026:20599-1
SUSE-SU-2026:20615-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8094-1
USN-8094-2
USN-8094-3
USN-8094-4
USN-8094-5
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8096-1
USN-8096-2
USN-8096-3
USN-8096-4
USN-8096-5
USN-8100-1
USN-8116-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8152-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu