CVE-2025-40171
CVE-2025-40171 is a security vulnerability that is still awaiting full analysis and scoring. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- EPSS exploit prediction: 0% (7th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-124912
- Published:
- Last modified:
Description
In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: move lsop put work to nvmet_fc_ls_req_op It’s possible for more than one async command to be in flight from __nvmet_fc_send_ls_req. For each command, a tgtport reference is taken. In the current code, only one put work item is queued at a time, which results in a leaked reference. To fix this, move the work item to the nvmet_fc_ls_req_op struct, which already tracks all resources related to the command.
Frequently asked questions
- What is CVE-2025-40171?
- In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: move lsop put work to nvmet_fc_ls_req_op It’s possible for more than one async command to be in flight from __nvmet_fc_send_ls_req. For each command, a tgtport reference is taken. In the current code, only one put work item is queued at a time, which results in a leaked reference. To fix this, move the work item to the nvmet_fc_ls_req_op struct, which already tracks all resources related to the command.
- Is CVE-2025-40171 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (7th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2025-40171?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-40171 have an EU (EUVD) identifier?
- Yes. CVE-2025-40171 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-124912.
- When was CVE-2025-40171 published?
- CVE-2025-40171 was published on 2025-11-12 and last updated on 2026-06-17.
References
- https://git.kernel.org/stable/c/060ecc81240ef9d60d9485a3a5eb55a0d6e7a25c
- https://git.kernel.org/stable/c/11269c08013f4ee8b8f5edc6c56700acb34092d0
- https://git.kernel.org/stable/c/7331925c247b03b7767b8cd93cfe1b7aa2377850
- https://git.kernel.org/stable/c/7a619f8c869117ffed08365b377f66b7e1d941b4
- https://git.kernel.org/stable/c/a28112cc55013cd8cbd5d36b5115a5b851151bd9
- https://git.kernel.org/stable/c/db5a5406fb7e5337a074385c7a3e53c77f2c1bd3