Linux Kernel Vulnerability in NVMe over Fibre Channel Interface
CVE-2025-40343
What is CVE-2025-40343?
A vulnerability exists in the NVMe over Fibre Channel implementation of the Linux kernel. When a port is shut down, the deletion of an association can be scheduled more than once: the functions responsible for deleting controller associations do not prevent double scheduling, which could lead to resource mismanagement. The flaw stems from inadequate tracking of associations during the deletion process, and it is exacerbated by the absence of locking, since the association list is an RCU list. A termination flag is necessary to track whether deletion of an association is already in progress.
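The termination-flag idea described above, as an added user-space model in C11 (not the kernel's code and not taken from the fix commits). All struct and function names are hypothetical, and the scenario of two teardown paths reaching the same associations is an assumption made for illustration.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* User-space model. All names are hypothetical, not kernel identifiers. */
struct assoc {
    atomic_int terminating;  /* 0 = live, 1 = deletion already scheduled */
    int work_queued;         /* times delete work was queued (observation) */
};

/* Unguarded: every caller queues the delete work again. */
static bool schedule_delete_unguarded(struct assoc *a)
{
    a->work_queued++;
    return true;
}

/* Guarded: atomic_exchange returns the old flag value, so exactly one
 * caller sees 0 and proceeds, even when callers race and hold no lock. */
static bool schedule_delete_guarded(struct assoc *a)
{
    if (atomic_exchange(&a->terminating, 1))
        return false;        /* deletion already scheduled elsewhere */
    a->work_queued++;
    return true;
}

/* Assumed scenario: during port shutdown two teardown paths each walk the
 * same n associations. Returns how many delete works were queued in total. */
int simulate_shutdown(int n, bool guarded)
{
    struct assoc list[8] = {0};   /* constructed sample data, n <= 8 */
    int total = 0;

    if (n < 0 || n > 8)
        return -1;
    for (int path = 0; path < 2; path++)
        for (int i = 0; i < n; i++)
            total += guarded ? schedule_delete_guarded(&list[i])
                             : schedule_delete_unguarded(&list[i]);
    return total;
}

int main(void)
{
    printf("unguarded: %d, guarded: %d\n",
           simulate_shutdown(3, false), simulate_shutdown(3, true));
    return 0;
}
```

With the flag, each association is queued for deletion once no matter how many paths reach it; without it, the count doubles.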
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2f4852db87e25d4e226b25cb6f652fef9504360e
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 85e2ce1920cb511d57aae59f0df6ff85b28bf04d
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 601ed47b2363c24d948d7bac0c23abc8bd459570