- CVE-2025-40001
- EPSS 0.09%
- Published 18.10.2025 08:03:21
- Last modified 15.04.2026 00:35:42
- Source 416baaa9-dc9f-4396-8d5f-8c081f
scsi: mvsas: Fix use-after-free bugs in mvs_work_queue
In the Linux kernel, the following vulnerability has been resolved:

scsi: mvsas: Fix use-after-free bugs in mvs_work_queue

During the detaching of Marvell's SAS/SATA controller, the original code
calls cancel_delayed_work() in mvs_free() to cancel the delayed work
item mwq->work_q. However, if mwq->work_q is already running, the
cancel_delayed_work() may fail to cancel it. This can lead to
use-after-free scenarios where mvs_free() frees the mvs_info while
mvs_work_queue() is still executing and attempts to access the
already-freed mvs_info.

A typical race condition is illustrated below:

| CPU 0 (remove) | CPU 1 (delayed work callback) |
|---|---|
| mvs_pci_remove() | |
| mvs_free() | mvs_work_queue() |
| cancel_delayed_work() | |
| kfree(mvi) | |
| | mvi-> // UAF |

Replace cancel_delayed_work() with cancel_delayed_work_sync() to ensure
that the delayed work item is properly canceled and any executing
delayed work item completes before the mvs_info is deallocated.

This bug was found by static analysis.

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

Vendor: Linux, Product: Linux, Default status: unaffected

| Version | Version < | Status |
|---|---|---|
| 20b09c2992fefbe78f8cede7b404fb143a413c52 | a6f68f219d4d4b92d7c781708d4afc4cc42961ec | affected |
| 20b09c2992fefbe78f8cede7b404fb143a413c52 | aacd1777d4a795c387a20b9ca776e2c1225d05d7 | affected |
| 20b09c2992fefbe78f8cede7b404fb143a413c52 | 6ba7e73cafd155a5d3abf560d315f0bab2b9d89f | affected |
| 20b09c2992fefbe78f8cede7b404fb143a413c52 | c2c35cb2a31844f84f21ab364b38b4309d756d42 | affected |
| 20b09c2992fefbe78f8cede7b404fb143a413c52 | 3c90f583d679c81a5a607a6ae0051251b6dee35b | affected |
| 20b09c2992fefbe78f8cede7b404fb143a413c52 | 00d3af40b158ebf7c7db2b3bbb1598a54bf28127 | affected |
| 20b09c2992fefbe78f8cede7b404fb143a413c52 | feb946d2fc9dc754bf3d594d42cd228860ff8647 | affected |
| 20b09c2992fefbe78f8cede7b404fb143a413c52 | 60cd16a3b7439ccb699d0bf533799eeb894fd217 | affected |

Vendor: Linux, Product: Linux, Default status: affected

| Version | Version < | Version <= | Status |
|---|---|---|---|
| 2.6.31 | | | affected |
| 0 | 2.6.31 | | unaffected |
| 5.4.301 | | 5.4.* | unaffected |
| 5.10.246 | | 5.10.* | unaffected |
| 5.15.195 | | 5.15.* | unaffected |
| 6.1.157 | | 6.1.* | unaffected |
| 6.6.113 | | 6.6.* | unaffected |
| 6.12.54 | | 6.12.* | unaffected |
| 6.17.4 | | 6.17.* | unaffected |
| 6.18 | | * | unaffected |
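
One way to turn the version table above into a triage check for a host inventory (an added example, not part of the CVE record or the kernel patch). It assumes upstream kernel.org version numbering: distribution kernels backport fixes without changing the base version, so a vendor advisory still has to confirm the result. The function names `parse_release` and `status` are hypothetical.

```python
import re

# Transcribed from the version table above (upstream kernel.org releases).
INTRODUCED = (2, 6, 31)     # first affected release
FIXED_MAINLINE = (6, 18)    # 6.18 and later are listed as unaffected
# Stable branch -> first patch level listed as unaffected.
FIXED_STABLE = {
    (5, 4): 301, (5, 10): 246, (5, 15): 195, (6, 1): 157,
    (6, 6): 113, (6, 12): 54, (6, 17): 4,
}

def parse_release(release):
    """'6.1.150-amd64' -> (6, 1, 150); a missing patch level counts as 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"not a kernel release string: {release!r}")
    return tuple(int(g or 0) for g in m.groups())

def status(release):
    """Return 'affected', 'unaffected' or 'unknown' for an upstream release."""
    ver = parse_release(release)
    if ver[:2] == FIXED_MAINLINE and "-rc" in release:
        return "unknown"   # the table does not cover 6.18 release candidates
    if ver < INTRODUCED or ver[:2] >= FIXED_MAINLINE:
        return "unaffected"
    fixed_patch = FIXED_STABLE.get(ver[:2])
    if fixed_patch is not None and ver[2] >= fixed_patch:
        return "unaffected"
    # Default status is 'affected': a branch with no fixed release in the
    # table (for example an end-of-life one) is affected at every patch level.
    return "affected"

if __name__ == "__main__":
    # Constructed sample inventory of `uname -r` strings, not real hosts.
    for host, rel in [("db01", "5.10.245"), ("db02", "5.10.246"),
                      ("san01", "6.16.9"), ("lab01", "6.18-rc3"),
                      ("old01", "2.6.30")]:
        print(f"{host:6} {rel:12} {status(rel)}")
```

The result only matters on hosts where the mvsas driver is actually in use.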
VulnDex Vulnerability Enrichment

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.249 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|