Race Condition in Linux Kernel's NVMe-FC Component
CVE-2025-40342

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-40342?

A race condition exists in the NVMe-FC component of the Linux kernel related to remote port management. Specifically, the function nvme_fc_unregister_remote can remove a remote port from an lport object while the system may still be attempting to reconnect due to the lack of a lock when checking the port_state. This can lead to inconsistencies within the driver, jeopardizing the stability and security of the system. Proper locking mechanisms need to be implemented to protect shared state during concurrent operations to mitigate this vulnerability.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4253e0a4546138a2bf9cb6acf66b32fee677fc7c

References

https://git.kernel.org/stable/c/de3d91af47bc015031e7721b1...

https://git.kernel.org/stable/c/e8cde03de8674b05f2c5e0870...

https://git.kernel.org/stable/c/4253e0a4546138a2bf9cb6acf...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Apr 16, 2025

JSON