CVE-2025-40061

EPSS 0.03%
Veröffentlicht 28.10.2025 11:48:33
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

RDMA/rxe: Fix race in do_task() when draining

In the Linux kernel, the following vulnerability has been resolved:

RDMA/rxe: Fix race in do_task() when draining

When do_task() exhausts its iteration budget (!ret), it sets the state
to TASK_STATE_IDLE to reschedule, without a secondary check on the
current task->state. This can overwrite the TASK_STATE_DRAINING state
set by a concurrent call to rxe_cleanup_task() or rxe_disable_task().

While state changes are protected by a spinlock, both rxe_cleanup_task()
and rxe_disable_task() release the lock while waiting for the task to
finish draining in the while(!is_done(task)) loop. The race occurs if
do_task() hits its iteration limit and acquires the lock in this window.
The cleanup logic may then proceed while the task incorrectly
reschedules itself, leading to a potential use-after-free.

This bug was introduced during the migration from tasklets to workqueues,
where the special handling for the draining case was lost.

Fix this by restoring the original pre-migration behavior. If the state is
TASK_STATE_DRAINING when iterations are exhausted, set cont to 1 to
force a new loop iteration. This allows the task to finish its work, so
that a subsequent iteration can reach the switch statement and correctly
transition the state to TASK_STATE_DRAINED, stopping the task as intended.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

CNA 2 VulnDex Vulnerability Enrichment 6

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 9b4b7c1f9f54120940e243251e2b1407767b3381

Version < 85288bcf7ffe11e7b036edf91937bc62fd384076

Status affected

Version 9b4b7c1f9f54120940e243251e2b1407767b3381

Version < 52edccfb555142678c836c285bf5b4ec760bd043

Status affected

Version 9b4b7c1f9f54120940e243251e2b1407767b3381

Version < 660b6959c4170637f5db2279d1f71af33a49e49b

Status affected

Version 9b4b7c1f9f54120940e243251e2b1407767b3381

Version < 8ca7eada62fcfabf6ec1dc7468941e791c1d8729

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.5

Status affected

Version 0

Version < 6.5

Status unaffected

Version <= 6.6.*

Version 6.6.112

Status unaffected

Version <= 6.12.*

Version 6.12.53

Status unaffected

Version <= 6.17.*

Version 6.17.3

Status unaffected

Version <= *

Version 6.18

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.079

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/85288bcf7ffe11e7b036edf91937bc62fd384076

https://git.kernel.org/stable/c/52edccfb555142678c836c285bf5b4ec760bd043

https://git.kernel.org/stable/c/660b6959c4170637f5db2279d1f71af33a49e49b

https://git.kernel.org/stable/c/8ca7eada62fcfabf6ec1dc7468941e791c1d8729

https://nvd.nist.gov/vuln/detail/CVE-2025-40061

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40061

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40061

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-40061