CVE-2025-40125
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx
In __blk_mq_update_nr_hw_queues() the return value of blk_mq_sysfs_register_hctxs() is not checked. If sysfs creation for hctx fails, later changing the number of hw_queues or removing disk will trigger the following warning:
kernfs: can not remove 'nr_tags', no directory WARNING: CPU: 2 PID: 637 at fs/kernfs/dir.c:1707 kernfs_remove_by_name_ns+0x13f/0x160 Call Trace: remove_files.isra.1+0x38/0xb0 sysfs_remove_group+0x4d/0x100 sysfs_remove_groups+0x31/0x60 __kobject_del+0x23/0xf0 kobject_del+0x17/0x40 blk_mq_unregister_hctx+0x5d/0x80 blk_mq_sysfs_unregister_hctxs+0x94/0xd0 blk_mq_update_nr_hw_queues+0x124/0x760 nullb_update_nr_hw_queues+0x71/0xf0 [null_blk] nullb_device_submit_queues_store+0x92/0x120 [null_blk]
kobjct_del() was called unconditionally even if sysfs creation failed. Fix it by checkig the kobject creation statusbefore deleting it.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 477e19dedc9d3e1f4443a1d4ae00572a988120ea < a8c53553f1833cc2d14175d2d72cf37193a01898 | affected |
| Linux | Linux | 477e19dedc9d3e1f4443a1d4ae00572a988120ea < cc14ea21c4e658814d737ed4dedde6cd626a15ad | affected |
| Linux | Linux | 477e19dedc9d3e1f4443a1d4ae00572a988120ea < 4b97e99b87a773d52699521d40864f3ec888e9a6 | affected |
| Linux | Linux | 477e19dedc9d3e1f4443a1d4ae00572a988120ea < 6e7dadc5763c48eb3b9b91265a21f312599ebb2c | affected |
| Linux | Linux | 477e19dedc9d3e1f4443a1d4ae00572a988120ea < 06c4826b1d900611096e4621e93133db57e13911 | affected |
| Linux | Linux | 477e19dedc9d3e1f4443a1d4ae00572a988120ea < babc634e9fe2803962dba98a07587e835dbc0731 | affected |
| Linux | Linux | 477e19dedc9d3e1f4443a1d4ae00572a988120ea < d5ddd76ee52bdc16e9f8b1e7791291e785dab032 | affected |
| Linux | Linux | 477e19dedc9d3e1f4443a1d4ae00572a988120ea < 4c7ef92f6d4d08a27d676e4c348f4e2922cab3ed | affected |
| Linux | Linux | 4.20 | affected |
| Linux | Linux | 0 < 4.20 | unaffected |
| Linux | Linux | 5.4.301 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.246 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.195 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.156 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.112 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.53 <= 6.12.* | unaffected |
| Linux | Linux | 6.17.3 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/a8c53553f1833cc2d14175d2d72cf37193a01898
- https://git.kernel.org/stable/c/cc14ea21c4e658814d737ed4dedde6cd626a15ad
- https://git.kernel.org/stable/c/4b97e99b87a773d52699521d40864f3ec888e9a6
- https://git.kernel.org/stable/c/6e7dadc5763c48eb3b9b91265a21f312599ebb2c
- https://git.kernel.org/stable/c/06c4826b1d900611096e4621e93133db57e13911
- https://git.kernel.org/stable/c/babc634e9fe2803962dba98a07587e835dbc0731
- https://git.kernel.org/stable/c/d5ddd76ee52bdc16e9f8b1e7791291e785dab032
- https://git.kernel.org/stable/c/4c7ef92f6d4d08a27d676e4c348f4e2922cab3ed
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.