CVE-2025-40171

EPSS 0.04%
Veröffentlicht 12.11.2025 10:46:52
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

nvmet-fc: move lsop put work to nvmet_fc_ls_req_op

In the Linux kernel, the following vulnerability has been resolved:

nvmet-fc: move lsop put work to nvmet_fc_ls_req_op

It’s possible for more than one async command to be in flight from
__nvmet_fc_send_ls_req. For each command, a tgtport reference is taken.

In the current code, only one put work item is queued at a time, which
results in a leaked reference.

To fix this, move the work item to the nvmet_fc_ls_req_op struct, which
already tracks all resources related to the command.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 9

CNA 2 VulnDex Vulnerability Enrichment 8

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 5e0bc09a52b6169ce90f7ac6e195791adb16cec4

Version < 11269c08013f4ee8b8f5edc6c56700acb34092d0

Status affected

Version 9e6987f8937a7bd7516aa52f25cb7e12c0c92ee8

Version < a28112cc55013cd8cbd5d36b5115a5b851151bd9

Status affected

Version eaf0971fdabf2a93c1429dc6bedf3bbe85dffa30

Version < 060ecc81240ef9d60d9485a3a5eb55a0d6e7a25c

Status affected

Version 710c69dbaccdac312e32931abcb8499c1525d397

Version < 7331925c247b03b7767b8cd93cfe1b7aa2377850

Status affected

Version 710c69dbaccdac312e32931abcb8499c1525d397

Version < 7a619f8c869117ffed08365b377f66b7e1d941b4

Status affected

Version 710c69dbaccdac312e32931abcb8499c1525d397

Version < db5a5406fb7e5337a074385c7a3e53c77f2c1bd3

Status affected

Version 1d86f79287206deec36d63b89c741cf542b6cadd

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.8

Status affected

Version 0

Version < 6.8

Status unaffected

Version <= 5.15.*

Version 5.15.195

Status unaffected

Version <= 6.1.*

Version 6.1.156

Status unaffected

Version <= 6.6.*

Version 6.6.112

Status unaffected

Version <= 6.12.*

Version 6.12.53

Status unaffected

Version <= 6.17.*

Version 6.17.3

Status unaffected

Version <= *

Version 6.18

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.12

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/11269c08013f4ee8b8f5edc6c56700acb34092d0

https://git.kernel.org/stable/c/a28112cc55013cd8cbd5d36b5115a5b851151bd9

https://git.kernel.org/stable/c/060ecc81240ef9d60d9485a3a5eb55a0d6e7a25c

https://git.kernel.org/stable/c/7331925c247b03b7767b8cd93cfe1b7aa2377850

https://git.kernel.org/stable/c/7a619f8c869117ffed08365b377f66b7e1d941b4

https://git.kernel.org/stable/c/db5a5406fb7e5337a074385c7a3e53c77f2c1bd3

https://nvd.nist.gov/vuln/detail/CVE-2025-40171

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40171

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40171

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-40171