Linux Kernel Vulnerability in SCSI Driver Functions
CVE-2025-40259

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 4 December 2025

What is CVE-2025-40259?

A vulnerability in the Linux kernel's SCSI driver functions occurs when sg_finish_rem_req() is executed. sg_finish_rem_req() calls blk_rq_unmap_user(), and blk_rq_unmap_user() may sleep. Sleeping is not permitted while interrupts are disabled, so calling sg_finish_rem_req() in that state can lead to unintended consequences in a multi-threaded environment. The fix ensures that sg_finish_rem_req() is called with interrupts enabled, which mitigates the issue and improves the stability and security of the kernel's SCSI subsystem.

Affected Version(s)

Linux 97d27b0dd015e980ade63fda111fd1353276e28b < 11eeee00c94d770d4e45364060b5f1526dfe567b

Linux 97d27b0dd015e980ade63fda111fd1353276e28b
