Denial of Service in Linux Kernel nvme-fc Module
CVE-2025-40261

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
4 December 2025

What is CVE-2025-40261?

A vulnerability exists in the Linux kernel's nvme-fc module, where the improper cancellation of I/O error work can lead to system instability. Specifically, in the nvme_fc_delete_ctrl function, the cancellation of the ->ioerr_work must occur after the nvme_fc_delete_association function is called. Failure to do so can result in a list_del corruption, causing kernel crashes and impacting system performance, especially under heavy I/O operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux f1cd8c40936ff2b560e1f35159dd6a4602b558e5 < 3d78e8e01251da032a5f7cbc9728e4ab1a5a5464

Linux 19fce0470f05031e6af36e49ce222d0f0050d432 < 60ba31330faf5677e2eebef7eac62ea9e42a200d

Linux 19fce0470f05031e6af36e49ce222d0f0050d432 < 3d81beae4753db3b3dc5b70dc300d4036e0d9cb8

References

https://git.kernel.org/stable/c/3d78e8e01251da032a5f7cbc9...
https://git.kernel.org/stable/c/60ba31330faf5677e2eebef7e...
https://git.kernel.org/stable/c/3d81beae4753db3b3dc5b70dc...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.