CVE-2025-40061

EPSS 0.03%
Veröffentlicht 28.10.2025 11:48:33
Zuletzt bearbeitet 30.10.2025 15:05:32
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

RDMA/rxe: Fix race in do_task() when draining

When do_task() exhausts its iteration budget (!ret), it sets the state
to TASK_STATE_IDLE to reschedule, without a secondary check on the
current task->state. This can overwrite the TASK_STATE_DRAINING state
set by a concurrent call to rxe_cleanup_task() or rxe_disable_task().

While state changes are protected by a spinlock, both rxe_cleanup_task()
and rxe_disable_task() release the lock while waiting for the task to
finish draining in the while(!is_done(task)) loop. The race occurs if
do_task() hits its iteration limit and acquires the lock in this window.
The cleanup logic may then proceed while the task incorrectly
reschedules itself, leading to a potential use-after-free.

This bug was introduced during the migration from tasklets to workqueues,
where the special handling for the draining case was lost.

Fix this by restoring the original pre-migration behavior. If the state is
TASK_STATE_DRAINING when iterations are exhausted, set cont to 1 to
force a new loop iteration. This allows the task to finish its work, so
that a subsequent iteration can reach the switch statement and correctly
transition the state to TASK_STATE_DRAINED, stopping the task as intended.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 85288bcf7ffe11e7b036edf91937bc62fd384076

Version 9b4b7c1f9f54120940e243251e2b1407767b3381

Status affected

Version < 52edccfb555142678c836c285bf5b4ec760bd043

Version 9b4b7c1f9f54120940e243251e2b1407767b3381

Status affected

Version < 660b6959c4170637f5db2279d1f71af33a49e49b

Version 9b4b7c1f9f54120940e243251e2b1407767b3381

Status affected

Version < 8ca7eada62fcfabf6ec1dc7468941e791c1d8729

Version 9b4b7c1f9f54120940e243251e2b1407767b3381

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.5

Status affected

Version < 6.5

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.112

Status unaffected

Version <= 6.12.*

Version 6.12.53

Status unaffected

Version <= 6.17.*

Version 6.17.3

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.059

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/85288bcf7ffe11e7b036edf91937bc62fd384076

https://git.kernel.org/stable/c/52edccfb555142678c836c285bf5b4ec760bd043

https://git.kernel.org/stable/c/660b6959c4170637f5db2279d1f71af33a49e49b

https://git.kernel.org/stable/c/8ca7eada62fcfabf6ec1dc7468941e791c1d8729

https://nvd.nist.gov/vuln/detail/CVE-2025-40061

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40061

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40061

EUVD