CVE-2025-40130

Advisory lineage Upstream: 0 Downstream: 21
Deferred
Published: 12 Nov 2025, 10:23
Last modified:11 May 2026, 21:43

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
0.03% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

12 Nov 2025, 10:23
Published
Vulnerability first disclosed
11 May 2026, 21:43
Last Modified
Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix data race in CPU latency PM QoS request handling The cpu_latency_qos_add/remove/update_request interfaces lack internal synchronization by design, requiring the caller to ensure thread safety. The current implementation relies on the 'pm_qos_enabled' flag, which is insufficient to prevent concurrent access and cannot serve as a proper synchronization mechanism. This has led to data races and list corruption issues. A typical race condition call trace is: [Thread A] ufshcd_pm_qos_exit() --> cpu_latency_qos_remove_request() --> cpu_latency_qos_apply(); --> pm_qos_update_target() --> plist_del <--(1) delete plist node --> memset(req, 0, sizeof(*req)); --> hba->pm_qos_enabled = false; [Thread B] ufshcd_devfreq_target --> ufshcd_devfreq_scale --> ufshcd_scale_clks --> ufshcd_pm_qos_update <--(2) pm_qos_enabled is true --> cpu_latency_qos_update_request --> pm_qos_update_target --> plist_del <--(3) plist node use-after-free Introduces a dedicated mutex to serialize PM QoS operations, preventing data races and ensuring safe access to PM QoS resources, including sysfs interface reads.

EPSS Trends

Current EPSS score: 0.03% Percentile: 8%

Affected Systems

  • linuxlinux

    ≥ 2777e73fc154e2e87233bdcc0e2402b33815198e, < d9df61afb8d23c475f1be3c714da2c34c156ab01 | ≥ 2777e73fc154e2e87233bdcc0e2402b33815198e, < 79dde5f7dc7c038eec903745dc1550cd4139980e | 6.9

References (2)