CVE-2025-40342

Linux Kernel 4.10.0-6.17.8 - Race Condition in NVMe-FC Remote Port Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: use lock accessing port_state and rport state nvme_fc_unregister_remote removes the remote port on a lport object at any point in time when there is no active association. This races with with the reconnect logic, because nvme_fc_create_association is not taking a lock to check the port_state and atomically increase the active count on the rport.

References (7)

Core 7

Core References

Patch

https://git.kernel.org/stable/c/de3d91af47bc015031e7721b100a29989f6498a5

Patch

https://git.kernel.org/stable/c/e8cde03de8674b05f2c5e0870729049eba517800

Patch

https://git.kernel.org/stable/c/4253e0a4546138a2bf9cb6acf66b32fee677fc7c

Patch

https://git.kernel.org/stable/c/25f4bf1f7979a7871974fd36c79d69ff1cf4b446

Patch

https://git.kernel.org/stable/c/9950af4303942081dc8c7a5fdc3688c17c7eb6c0

Patch

https://git.kernel.org/stable/c/a2f7fa75c4a2a07328fa22ccbef461db76790b55

Patch

https://git.kernel.org/stable/c/891cdbb162ccdb079cd5228ae43bdeebce8597ad

Scores

EPSS 0.0008

EPSS Percentile 22.6%

Details

Status published

Products (22)

linux/Kernel 4.10.0 - 5.10.247linux

linux/Kernel 5.11.0 - 5.15.197linux

linux/Kernel 5.16.0 - 6.1.159linux

linux/Kernel 6.13.0 - 6.17.8linux

linux/Kernel 6.2.0 - 6.6.117linux

linux/Kernel 6.7.0 - 6.12.58linux

Linux/Linux < 4.10

Linux/Linux 4.10

Linux/Linux 5.10.247 - 5.10.*

Linux/Linux 5.15.197 - 5.15.*

... and 12 more

Published Dec 09, 2025

Tracked Since Feb 18, 2026