CVE-2025-40125 - Vulnerability Details

- blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx

Description

In the Linux kernel, the following vulnerability has been resolved:

blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx

In __blk_mq_update_nr_hw_queues() the return value of
blk_mq_sysfs_register_hctxs() is not checked. If sysfs creation for hctx
fails, later changing the number of hw_queues or removing disk will
trigger the following warning:

kernfs: can not remove 'nr_tags', no directory
WARNING: CPU: 2 PID: 637 at fs/kernfs/dir.c:1707 kernfs_remove_by_name_ns+0x13f/0x160
Call Trace:
remove_files.isra.1+0x38/0xb0
sysfs_remove_group+0x4d/0x100
sysfs_remove_groups+0x31/0x60
__kobject_del+0x23/0xf0
kobject_del+0x17/0x40
blk_mq_unregister_hctx+0x5d/0x80
blk_mq_sysfs_unregister_hctxs+0x94/0xd0
blk_mq_update_nr_hw_queues+0x124/0x760
nullb_update_nr_hw_queues+0x71/0xf0 [null_blk]
nullb_device_submit_queues_store+0x92/0x120 [null_blk]

kobjct_del() was called unconditionally even if sysfs creation failed.
Fix it by checkig the kobject creation statusbefore deleting it.

Published: 2025-11-12

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`477e19dedc9d3e1f4443a1d4ae00572a988120ea`	affected	< a8c53553f1833cc2d14175d2d72cf37193a01898
`477e19dedc9d3e1f4443a1d4ae00572a988120ea`	affected	< cc14ea21c4e658814d737ed4dedde6cd626a15ad
`477e19dedc9d3e1f4443a1d4ae00572a988120ea`	affected	< 4b97e99b87a773d52699521d40864f3ec888e9a6
`477e19dedc9d3e1f4443a1d4ae00572a988120ea`	affected	< 6e7dadc5763c48eb3b9b91265a21f312599ebb2c
`477e19dedc9d3e1f4443a1d4ae00572a988120ea`	affected	< 06c4826b1d900611096e4621e93133db57e13911
`477e19dedc9d3e1f4443a1d4ae00572a988120ea`	affected	< babc634e9fe2803962dba98a07587e835dbc0731
`477e19dedc9d3e1f4443a1d4ae00572a988120ea`	affected	< d5ddd76ee52bdc16e9f8b1e7791291e785dab032
`477e19dedc9d3e1f4443a1d4ae00572a988120ea`	affected	< 4c7ef92f6d4d08a27d676e4c348f4e2922cab3ed

Linux

affected

Version	Status	Constraints
`4.20`	affected	—
`0`	unaffected	< 4.20
`5.4.301`	unaffected	≤ 5.4.*
`5.10.246`	unaffected	≤ 5.10.*
`5.15.195`	unaffected	≤ 5.15.*
`6.1.156`	unaffected	≤ 6.1.*
`6.6.112`	unaffected	≤ 6.6.*
`6.12.53`	unaffected	≤ 6.12.*
`6.17.3`	unaffected	≤ 6.17.*
`6.18`	unaffected	≤ *

No data.

Vendor	Product	Confidence	Versions
Linux	Linux Kernel	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4379-1	linux-6.1 security update
Debian DLA	DLA-4404-1	linux security update
Ubuntu USN	USN-8029-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8030-1	Linux kernel (GCP) vulnerabilities
Ubuntu USN	USN-8033-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8033-2	Linux kernel vulnerabilities
Ubuntu USN	USN-8033-3	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8034-1	Linux kernel (NVIDIA Tegra) vulnerabilities
Ubuntu USN	USN-8033-4	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-8029-2	Linux kernel vulnerabilities
Ubuntu USN	USN-8033-5	Linux kernel vulnerabilities
Ubuntu USN	USN-8034-2	Linux kernel (NVIDIA Tegra IGX) vulnerabilities
Ubuntu USN	USN-8048-1	Linux kernel (OEM) vulnerabilities
Ubuntu USN	USN-8033-6	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-8033-7	Linux kernel vulnerabilities
Ubuntu USN	USN-8033-8	Linux kernel (Intel IoTG) vulnerabilities
Ubuntu USN	USN-8029-3	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8095-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8095-2	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8100-1	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-8095-3	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8095-4	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-8125-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8126-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8095-5	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-8141-1	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-8163-1	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-8165-1	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-8163-2	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8243-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8261-1	Linux kernel (Xilinx) vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00058.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/06c4826b1d900611096e4621e93133db57e13911
https://git.kernel.org/stable/c/4b97e99b87a773d52699521d40864f3ec888e9a6
https://git.kernel.org/stable/c/4c7ef92f6d4d08a27d676e4c348f4e2922cab3ed
https://git.kernel.org/stable/c/6e7dadc5763c48eb3b9b91265a21f312599ebb2c
https://git.kernel.org/stable/c/a8c53553f1833cc2d14175d2d72cf37193a01898
https://git.kernel.org/stable/c/babc634e9fe2803962dba98a07587e835dbc0731
https://git.kernel.org/stable/c/cc14ea21c4e658814d737ed4dedde6cd626a15ad
https://git.kernel.org/stable/c/d5ddd76ee52bdc16e9f8b1e7791291e785dab032
https://lore.kernel.org/linux-cve-announce/2025111253-CVE-2025-40125-cb33@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-40125
https://www.cve.org/CVERecord?id=CVE-2025-40125

History

Mon, 01 Dec 2025 06:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:linux:linux_kernel::::::::

Fri, 14 Nov 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025111253-CVE-2025-40125-cb33@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-40125 https://www.cve.org/CVERecord?id=CVE-2025-40125
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 12 Nov 2025 23:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Wed, 12 Nov 2025 10:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx In __blk_mq_update_nr_hw_queues() the return value of blk_mq_sysfs_register_hctxs() is not checked. If sysfs creation for hctx fails, later changing the number of hw_queues or removing disk will trigger the following warning: kernfs: can not remove 'nr_tags', no directory WARNING: CPU: 2 PID: 637 at fs/kernfs/dir.c:1707 kernfs_remove_by_name_ns+0x13f/0x160 Call Trace: remove_files.isra.1+0x38/0xb0 sysfs_remove_group+0x4d/0x100 sysfs_remove_groups+0x31/0x60 __kobject_del+0x23/0xf0 kobject_del+0x17/0x40 blk_mq_unregister_hctx+0x5d/0x80 blk_mq_sysfs_unregister_hctxs+0x94/0xd0 blk_mq_update_nr_hw_queues+0x124/0x760 nullb_update_nr_hw_queues+0x71/0xf0 [null_blk] nullb_device_submit_queues_store+0x92/0x120 [null_blk] kobjct_del() was called unconditionally even if sysfs creation failed. Fix it by checkig the kobject creation statusbefore deleting it.
Title		blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx
References		https://git.kernel.org/stable/c/06c4826b1d900611096e4621e93133db57e13911 https://git.kernel.org/stable/c/4b97e99b87a773d52699521d40864f3ec888e9a6 https://git.kernel.org/stable/c/4c7ef92f6d4d08a27d676e4c348f4e2922cab3ed https://git.kernel.org/stable/c/6e7dadc5763c48eb3b9b91265a21f312599ebb2c https://git.kernel.org/stable/c/a8c53553f1833cc2d14175d2d72cf37193a01898 https://git.kernel.org/stable/c/babc634e9fe2803962dba98a07587e835dbc0731 https://git.kernel.org/stable/c/cc14ea21c4e658814d737ed4dedde6cd626a15ad https://git.kernel.org/stable/c/d5ddd76ee52bdc16e9f8b1e7791291e785dab032

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-11-12T10:23:20.180Z

Updated: 2025-12-01T06:18:30.912Z

Reserved: 2025-04-16T07:20:57.169Z

Link: CVE-2025-40125

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2025-11-12T11:15:42.043

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-40125

Redhat

Severity : Low

Publid Date: 2025-11-12T00:00:00Z

Links: CVE-2025-40125 - Bugzilla

OpenCVE Enrichment

Updated: 2025-11-12T22:12:12Z

Weaknesses

No weakness.

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object