Linux Kernel Vulnerability in 9p/Trans_fd from Linux Foundation
CVE-2025-40305

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 December 2025

What is CVE-2025-40305?

A vulnerability exists in the Linux kernel's 9p/trans_fd module, where the p9_read_work() function fails to set Rworksched and neglects to call schedule_work(m->rq) when the request list is empty. This issue arises from a change made in commit aaec5a95d59615, which optimized the pipe reading process. The resulting behavior leads to improper handling of conditions when pipes are full, potentially allowing for unintended data flow and processing errors. Adjustments are necessary to ensure that p9_fd_request() utilizes p9_poll_mux() correctly, improving reliability in data interactions.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2e1461034aef99e905a1fe5589aaf00eaea73eee

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 242531004d7de8c159f9bfadebe33fe8060b1046

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/2e1461034aef99e905a1fe558...

https://git.kernel.org/stable/c/242531004d7de8c159f9bfade...

https://git.kernel.org/stable/c/e8fe3f07a357c39d429e02ca3...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2025
Vulnerability Reserved
Apr 16, 2025

JSON