Description

In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: move lsop put work to nvmet_fc_ls_req_op It’s possible for more than one async command to be in flight from __nvmet_fc_send_ls_req. For each command, a tgtport reference is taken. In the current code, only one put work item is queued at a time, which results in a leaked reference. To fix this, move the work item to the nvmet_fc_ls_req_op struct, which already tracks all resources related to the command.

INFO

Published Date :

2025-11-12T10:46:52.289Z

Last Modified :

2025-12-01T06:19:25.891Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-40171 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-40171.

URL Resource
https://git.kernel.org/stable/c/060ecc81240ef9d60d9485a3a5eb55a0d6e7a25c cve-icon cve-icon
https://git.kernel.org/stable/c/11269c08013f4ee8b8f5edc6c56700acb34092d0 cve-icon cve-icon
https://git.kernel.org/stable/c/7331925c247b03b7767b8cd93cfe1b7aa2377850 cve-icon cve-icon
https://git.kernel.org/stable/c/7a619f8c869117ffed08365b377f66b7e1d941b4 cve-icon cve-icon
https://git.kernel.org/stable/c/a28112cc55013cd8cbd5d36b5115a5b851151bd9 cve-icon cve-icon
https://git.kernel.org/stable/c/db5a5406fb7e5337a074385c7a3e53c77f2c1bd3 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025111259-CVE-2025-40171-0cb5@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-40171 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-40171 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact